Analysis
-
max time kernel
149s -
max time network
117s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
18-05-2024 05:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe
Resource
win7-20240220-en
windows7-x64
5 signatures
150 seconds
General
-
Target
977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe
-
Size
91KB
-
MD5
977ff72bdcdceee1ffd219b0a9d092b0
-
SHA1
d7cf810c6ad9e039dcf2c20af34f7ab7599a1762
-
SHA256
dbbd14369d13561b31353c431cb2a5eb43ece4871919fc8a7ac41d9ea10840b7
-
SHA512
f6daced375a2b77f64d45f26b1e1158f79894c72d996a627a9a05df41715cf5dedcfb009676862f6d290e0bfaaea8e4660744a830935624d55bf213827a510f6
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDodtzac0Hobv0byLufTJfJVV:ymb3NkkiQ3mdBjFodt27HobvcyLufNf5
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
Processes:
resource yara_rule behavioral2/memory/4992-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/932-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1192-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4832-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4088-45-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4208-58-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1748-62-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3460-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4380-84-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/888-90-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3208-96-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3088-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3156-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2756-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/628-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1152-138-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/620-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3268-151-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/668-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2556-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2648-174-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/408-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
flfllxr.exe3lrfrrf.exexrlflfr.exexllfxrf.exehhnhtn.exetbbtbb.exe4868288.exevpjvp.exe08482.exe06864.exedpdpv.exe4008608.exe6066862.exeg6604.exefrlxlfx.exelxxfrxl.exe4848660.exe24042.exexxrfxlx.exedjdjj.exe488260.exe666420.exe084648.exerlxlxlx.exehththb.exebnbtbt.exe200408.exerrrlxlf.exedvppj.exefxfxlff.exejppdp.exejddpp.exe44060.exellllxlf.exe6444044.exe82006.exew22082.exe604082.exedvpvp.exexxrfrlf.exek68224.exedpdvp.exe42242.exevjvpd.exeu448260.exe624206.exeflxfffx.exejpdpj.exe2620826.exe22420.exe84864.exe0804662.exe4408686.exexllfrlx.exerlxrxrr.exe2648822.exe484882.exefllfrlf.exe082660.exenhtntn.exethbbth.exenbnbnb.exe206064.exetbbnhb.exepid process 932 flfllxr.exe 1096 3lrfrrf.exe 1192 xrlflfr.exe 1684 xllfxrf.exe 4832 hhnhtn.exe 4088 tbbtbb.exe 4208 4868288.exe 1748 vpjvp.exe 2584 08482.exe 3460 06864.exe 4380 dpdpv.exe 888 4008608.exe 3208 6066862.exe 3088 g6604.exe 3968 frlxlfx.exe 3400 lxxfrxl.exe 3156 4848660.exe 2756 24042.exe 628 xxrfxlx.exe 1152 djdjj.exe 620 488260.exe 3268 666420.exe 2736 084648.exe 668 rlxlxlx.exe 2556 hththb.exe 2648 bnbtbt.exe 3628 200408.exe 4552 rrrlxlf.exe 3904 dvppj.exe 4796 fxfxlff.exe 408 jppdp.exe 1336 jddpp.exe 3440 44060.exe 3688 llllxlf.exe 4672 6444044.exe 3824 82006.exe 4524 w22082.exe 2740 604082.exe 4840 dvpvp.exe 4388 xxrfrlf.exe 1096 k68224.exe 2468 dpdvp.exe 1280 42242.exe 5108 vjvpd.exe 3996 u448260.exe 2128 624206.exe 1876 flxfffx.exe 4000 jpdpj.exe 4556 2620826.exe 4220 22420.exe 2584 84864.exe 2716 0804662.exe 5072 4408686.exe 1368 xllfrlx.exe 888 rlxrxrr.exe 3364 2648822.exe 4728 484882.exe 2280 fllfrlf.exe 4532 082660.exe 3400 nhtntn.exe 3436 thbbth.exe 4336 nbnbnb.exe 2952 206064.exe 2604 tbbnhb.exe -
Processes:
resource yara_rule behavioral2/memory/4992-4-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/932-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1192-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1684-30-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4832-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4088-45-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4208-52-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4208-53-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4208-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4208-58-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1748-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3460-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4380-84-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/888-90-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3208-96-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3088-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3156-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2756-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/628-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1152-138-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/620-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3268-151-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/668-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2556-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2648-174-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/408-204-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exeflfllxr.exe3lrfrrf.exexrlflfr.exexllfxrf.exehhnhtn.exetbbtbb.exe4868288.exevpjvp.exe08482.exe06864.exedpdpv.exe4008608.exe6066862.exeg6604.exefrlxlfx.exelxxfrxl.exe4848660.exe24042.exexxrfxlx.exedjdjj.exe488260.exedescription pid process target process PID 4992 wrote to memory of 932 4992 977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe flfllxr.exe PID 4992 wrote to memory of 932 4992 977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe flfllxr.exe PID 4992 wrote to memory of 932 4992 977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe flfllxr.exe PID 932 wrote to memory of 1096 932 flfllxr.exe 3lrfrrf.exe PID 932 wrote to memory of 1096 932 flfllxr.exe 3lrfrrf.exe PID 932 wrote to memory of 1096 932 flfllxr.exe 3lrfrrf.exe PID 1096 wrote to memory of 1192 1096 3lrfrrf.exe xrlflfr.exe PID 1096 wrote to memory of 1192 1096 3lrfrrf.exe xrlflfr.exe PID 1096 wrote to memory of 1192 1096 3lrfrrf.exe xrlflfr.exe PID 1192 wrote to memory of 1684 1192 xrlflfr.exe xllfxrf.exe PID 1192 wrote to memory of 1684 1192 xrlflfr.exe xllfxrf.exe PID 1192 wrote to memory of 1684 1192 xrlflfr.exe xllfxrf.exe PID 1684 wrote to memory of 4832 1684 xllfxrf.exe hhnhtn.exe PID 1684 wrote to memory of 4832 1684 xllfxrf.exe hhnhtn.exe PID 1684 wrote to memory of 4832 1684 xllfxrf.exe hhnhtn.exe PID 4832 wrote to memory of 4088 4832 hhnhtn.exe tbbtbb.exe PID 4832 wrote to memory of 4088 4832 hhnhtn.exe tbbtbb.exe PID 4832 wrote to memory of 4088 4832 hhnhtn.exe tbbtbb.exe PID 4088 wrote to memory of 4208 4088 tbbtbb.exe 4868288.exe PID 4088 wrote to memory of 4208 4088 tbbtbb.exe 4868288.exe PID 4088 wrote to memory of 4208 4088 tbbtbb.exe 4868288.exe PID 4208 wrote to memory of 1748 4208 4868288.exe vpjvp.exe PID 4208 wrote to memory of 1748 4208 4868288.exe vpjvp.exe PID 4208 wrote to memory of 1748 4208 4868288.exe vpjvp.exe PID 1748 wrote to memory of 2584 1748 vpjvp.exe 08482.exe PID 1748 wrote to memory of 2584 1748 vpjvp.exe 08482.exe PID 1748 wrote to memory of 2584 1748 vpjvp.exe 08482.exe PID 2584 wrote to memory of 3460 2584 08482.exe 06864.exe PID 2584 wrote to memory of 3460 2584 08482.exe 06864.exe PID 2584 wrote to memory of 3460 2584 08482.exe 06864.exe PID 3460 wrote to memory of 4380 3460 06864.exe dpdpv.exe PID 3460 wrote to memory of 4380 3460 06864.exe dpdpv.exe PID 3460 wrote to memory of 4380 3460 06864.exe dpdpv.exe PID 4380 wrote to memory of 888 4380 dpdpv.exe 4008608.exe PID 4380 wrote to memory of 888 4380 dpdpv.exe 4008608.exe PID 4380 wrote to memory of 888 4380 dpdpv.exe 4008608.exe PID 888 wrote to memory of 3208 888 4008608.exe 6066862.exe PID 888 wrote to memory of 3208 888 4008608.exe 6066862.exe PID 888 wrote to memory of 3208 888 4008608.exe 6066862.exe PID 3208 wrote to memory of 3088 3208 6066862.exe g6604.exe PID 3208 wrote to memory of 3088 3208 6066862.exe g6604.exe PID 3208 wrote to memory of 3088 3208 6066862.exe g6604.exe PID 3088 wrote to memory of 3968 3088 g6604.exe frlxlfx.exe PID 3088 wrote to memory of 3968 3088 g6604.exe frlxlfx.exe PID 3088 wrote to memory of 3968 3088 g6604.exe frlxlfx.exe PID 3968 wrote to memory of 3400 3968 frlxlfx.exe lxxfrxl.exe PID 3968 wrote to memory of 3400 3968 frlxlfx.exe lxxfrxl.exe PID 3968 wrote to memory of 3400 3968 frlxlfx.exe lxxfrxl.exe PID 3400 wrote to memory of 3156 3400 lxxfrxl.exe 4848660.exe PID 3400 wrote to memory of 3156 3400 lxxfrxl.exe 4848660.exe PID 3400 wrote to memory of 3156 3400 lxxfrxl.exe 4848660.exe PID 3156 wrote to memory of 2756 3156 4848660.exe 24042.exe PID 3156 wrote to memory of 2756 3156 4848660.exe 24042.exe PID 3156 wrote to memory of 2756 3156 4848660.exe 24042.exe PID 2756 wrote to memory of 628 2756 24042.exe xxrfxlx.exe PID 2756 wrote to memory of 628 2756 24042.exe xxrfxlx.exe PID 2756 wrote to memory of 628 2756 24042.exe xxrfxlx.exe PID 628 wrote to memory of 1152 628 xxrfxlx.exe djdjj.exe PID 628 wrote to memory of 1152 628 xxrfxlx.exe djdjj.exe PID 628 wrote to memory of 1152 628 xxrfxlx.exe djdjj.exe PID 1152 wrote to memory of 620 1152 djdjj.exe 488260.exe PID 1152 wrote to memory of 620 1152 djdjj.exe 488260.exe PID 1152 wrote to memory of 620 1152 djdjj.exe 488260.exe PID 620 wrote to memory of 3268 620 488260.exe 666420.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\977ff72bdcdceee1ffd219b0a9d092b0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4992 -
\??\c:\flfllxr.exec:\flfllxr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:932 -
\??\c:\3lrfrrf.exec:\3lrfrrf.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1096 -
\??\c:\xrlflfr.exec:\xrlflfr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1192 -
\??\c:\xllfxrf.exec:\xllfxrf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1684 -
\??\c:\hhnhtn.exec:\hhnhtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4832 -
\??\c:\tbbtbb.exec:\tbbtbb.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4088 -
\??\c:\4868288.exec:\4868288.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4208 -
\??\c:\vpjvp.exec:\vpjvp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\08482.exec:\08482.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\06864.exec:\06864.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3460 -
\??\c:\dpdpv.exec:\dpdpv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4380 -
\??\c:\4008608.exec:\4008608.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:888 -
\??\c:\6066862.exec:\6066862.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3208 -
\??\c:\g6604.exec:\g6604.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3088 -
\??\c:\frlxlfx.exec:\frlxlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3968 -
\??\c:\lxxfrxl.exec:\lxxfrxl.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3400 -
\??\c:\4848660.exec:\4848660.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3156 -
\??\c:\24042.exec:\24042.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2756 -
\??\c:\xxrfxlx.exec:\xxrfxlx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:628 -
\??\c:\djdjj.exec:\djdjj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1152 -
\??\c:\488260.exec:\488260.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:620 -
\??\c:\666420.exec:\666420.exe23⤵
- Executes dropped EXE
PID:3268 -
\??\c:\084648.exec:\084648.exe24⤵
- Executes dropped EXE
PID:2736 -
\??\c:\rlxlxlx.exec:\rlxlxlx.exe25⤵
- Executes dropped EXE
PID:668 -
\??\c:\hththb.exec:\hththb.exe26⤵
- Executes dropped EXE
PID:2556 -
\??\c:\bnbtbt.exec:\bnbtbt.exe27⤵
- Executes dropped EXE
PID:2648 -
\??\c:\200408.exec:\200408.exe28⤵
- Executes dropped EXE
PID:3628 -
\??\c:\rrrlxlf.exec:\rrrlxlf.exe29⤵
- Executes dropped EXE
PID:4552 -
\??\c:\dvppj.exec:\dvppj.exe30⤵
- Executes dropped EXE
PID:3904 -
\??\c:\fxfxlff.exec:\fxfxlff.exe31⤵
- Executes dropped EXE
PID:4796 -
\??\c:\jppdp.exec:\jppdp.exe32⤵
- Executes dropped EXE
PID:408 -
\??\c:\jddpp.exec:\jddpp.exe33⤵
- Executes dropped EXE
PID:1336 -
\??\c:\44060.exec:\44060.exe34⤵
- Executes dropped EXE
PID:3440 -
\??\c:\llllxlf.exec:\llllxlf.exe35⤵
- Executes dropped EXE
PID:3688 -
\??\c:\6444044.exec:\6444044.exe36⤵
- Executes dropped EXE
PID:4672 -
\??\c:\82006.exec:\82006.exe37⤵
- Executes dropped EXE
PID:3824 -
\??\c:\w22082.exec:\w22082.exe38⤵
- Executes dropped EXE
PID:4524 -
\??\c:\604082.exec:\604082.exe39⤵
- Executes dropped EXE
PID:2740 -
\??\c:\dvpvp.exec:\dvpvp.exe40⤵
- Executes dropped EXE
PID:4840 -
\??\c:\xxrfrlf.exec:\xxrfrlf.exe41⤵
- Executes dropped EXE
PID:4388 -
\??\c:\k68224.exec:\k68224.exe42⤵
- Executes dropped EXE
PID:1096 -
\??\c:\dpdvp.exec:\dpdvp.exe43⤵
- Executes dropped EXE
PID:2468 -
\??\c:\42242.exec:\42242.exe44⤵
- Executes dropped EXE
PID:1280 -
\??\c:\vjvpd.exec:\vjvpd.exe45⤵
- Executes dropped EXE
PID:5108 -
\??\c:\u448260.exec:\u448260.exe46⤵
- Executes dropped EXE
PID:3996 -
\??\c:\624206.exec:\624206.exe47⤵
- Executes dropped EXE
PID:2128 -
\??\c:\flxfffx.exec:\flxfffx.exe48⤵
- Executes dropped EXE
PID:1876 -
\??\c:\jpdpj.exec:\jpdpj.exe49⤵
- Executes dropped EXE
PID:4000 -
\??\c:\2620826.exec:\2620826.exe50⤵
- Executes dropped EXE
PID:4556 -
\??\c:\22420.exec:\22420.exe51⤵
- Executes dropped EXE
PID:4220 -
\??\c:\84864.exec:\84864.exe52⤵
- Executes dropped EXE
PID:2584 -
\??\c:\0804662.exec:\0804662.exe53⤵
- Executes dropped EXE
PID:2716 -
\??\c:\4408686.exec:\4408686.exe54⤵
- Executes dropped EXE
PID:5072 -
\??\c:\xllfrlx.exec:\xllfrlx.exe55⤵
- Executes dropped EXE
PID:1368 -
\??\c:\rlxrxrr.exec:\rlxrxrr.exe56⤵
- Executes dropped EXE
PID:888 -
\??\c:\2648822.exec:\2648822.exe57⤵
- Executes dropped EXE
PID:3364 -
\??\c:\484882.exec:\484882.exe58⤵
- Executes dropped EXE
PID:4728 -
\??\c:\fllfrlf.exec:\fllfrlf.exe59⤵
- Executes dropped EXE
PID:2280 -
\??\c:\082660.exec:\082660.exe60⤵
- Executes dropped EXE
PID:4532 -
\??\c:\nhtntn.exec:\nhtntn.exe61⤵
- Executes dropped EXE
PID:3400 -
\??\c:\thbbth.exec:\thbbth.exe62⤵
- Executes dropped EXE
PID:3436 -
\??\c:\nbnbnb.exec:\nbnbnb.exe63⤵
- Executes dropped EXE
PID:4336 -
\??\c:\206064.exec:\206064.exe64⤵
- Executes dropped EXE
PID:2952 -
\??\c:\tbbnhb.exec:\tbbnhb.exe65⤵
- Executes dropped EXE
PID:2604 -
\??\c:\s0204.exec:\s0204.exe66⤵PID:1152
-
\??\c:\0620824.exec:\0620824.exe67⤵PID:940
-
\??\c:\u468864.exec:\u468864.exe68⤵PID:864
-
\??\c:\llfrrlf.exec:\llfrrlf.exe69⤵PID:1104
-
\??\c:\860644.exec:\860644.exe70⤵PID:2312
-
\??\c:\q60482.exec:\q60482.exe71⤵PID:1260
-
\??\c:\thbhnn.exec:\thbhnn.exe72⤵PID:2264
-
\??\c:\2042042.exec:\2042042.exe73⤵PID:4272
-
\??\c:\42608.exec:\42608.exe74⤵PID:372
-
\??\c:\o660486.exec:\o660486.exe75⤵PID:3632
-
\??\c:\4428468.exec:\4428468.exe76⤵PID:2256
-
\??\c:\862846.exec:\862846.exe77⤵PID:1188
-
\??\c:\02824.exec:\02824.exe78⤵PID:1668
-
\??\c:\20220.exec:\20220.exe79⤵PID:3044
-
\??\c:\vjppv.exec:\vjppv.exe80⤵PID:4436
-
\??\c:\djjvp.exec:\djjvp.exe81⤵PID:408
-
\??\c:\hbtbtb.exec:\hbtbtb.exe82⤵PID:2232
-
\??\c:\ffxrfxr.exec:\ffxrfxr.exe83⤵PID:2132
-
\??\c:\46080.exec:\46080.exe84⤵PID:996
-
\??\c:\ntnhtn.exec:\ntnhtn.exe85⤵PID:3688
-
\??\c:\066666.exec:\066666.exe86⤵PID:4672
-
\??\c:\644648.exec:\644648.exe87⤵PID:868
-
\??\c:\8482660.exec:\8482660.exe88⤵PID:1816
-
\??\c:\o620600.exec:\o620600.exe89⤵PID:2740
-
\??\c:\00420.exec:\00420.exe90⤵PID:2364
-
\??\c:\tbnbhh.exec:\tbnbhh.exe91⤵PID:3672
-
\??\c:\08040.exec:\08040.exe92⤵PID:2744
-
\??\c:\402644.exec:\402644.exe93⤵PID:3128
-
\??\c:\hththn.exec:\hththn.exe94⤵PID:3840
-
\??\c:\nhnhtn.exec:\nhnhtn.exe95⤵PID:4512
-
\??\c:\862648.exec:\862648.exe96⤵PID:2824
-
\??\c:\5llxfxl.exec:\5llxfxl.exe97⤵PID:4600
-
\??\c:\jdjvp.exec:\jdjvp.exe98⤵PID:4208
-
\??\c:\6286604.exec:\6286604.exe99⤵PID:1844
-
\??\c:\hntnhb.exec:\hntnhb.exe100⤵PID:3676
-
\??\c:\bhhthh.exec:\bhhthh.exe101⤵PID:2584
-
\??\c:\6064226.exec:\6064226.exe102⤵PID:1596
-
\??\c:\vjvjd.exec:\vjvjd.exe103⤵PID:4216
-
\??\c:\vjvjp.exec:\vjvjp.exe104⤵PID:448
-
\??\c:\1pdpj.exec:\1pdpj.exe105⤵PID:4844
-
\??\c:\5dddv.exec:\5dddv.exe106⤵PID:3780
-
\??\c:\86086.exec:\86086.exe107⤵PID:2376
-
\??\c:\208200.exec:\208200.exe108⤵PID:1008
-
\??\c:\0008608.exec:\0008608.exe109⤵PID:3968
-
\??\c:\jvpjv.exec:\jvpjv.exe110⤵PID:3400
-
\??\c:\c064044.exec:\c064044.exe111⤵PID:3108
-
\??\c:\xlxrfxl.exec:\xlxrfxl.exe112⤵PID:1764
-
\??\c:\nnnhtn.exec:\nnnhtn.exe113⤵PID:916
-
\??\c:\0882600.exec:\0882600.exe114⤵PID:4636
-
\??\c:\200082.exec:\200082.exe115⤵PID:1880
-
\??\c:\60200.exec:\60200.exe116⤵PID:4548
-
\??\c:\24480.exec:\24480.exe117⤵PID:3268
-
\??\c:\04826.exec:\04826.exe118⤵PID:3504
-
\??\c:\btbhth.exec:\btbhth.exe119⤵PID:2976
-
\??\c:\frxrlfx.exec:\frxrlfx.exe120⤵PID:4124
-
\??\c:\dddvp.exec:\dddvp.exe121⤵PID:4476
-
\??\c:\xrrflfx.exec:\xrrflfx.exe122⤵PID:3848
-
\??\c:\7tthtn.exec:\7tthtn.exe123⤵PID:2956
-
\??\c:\g4468.exec:\g4468.exe124⤵PID:3404
-
\??\c:\bhbtnh.exec:\bhbtnh.exe125⤵PID:4700
-
\??\c:\20206.exec:\20206.exe126⤵PID:3904
-
\??\c:\2008826.exec:\2008826.exe127⤵PID:3152
-
\??\c:\c048886.exec:\c048886.exe128⤵PID:4796
-
\??\c:\2660826.exec:\2660826.exe129⤵PID:744
-
\??\c:\frrlfrl.exec:\frrlfrl.exe130⤵PID:2428
-
\??\c:\ddvdj.exec:\ddvdj.exe131⤵PID:3536
-
\??\c:\680228.exec:\680228.exe132⤵PID:2632
-
\??\c:\pvdpd.exec:\pvdpd.exe133⤵PID:2160
-
\??\c:\00486.exec:\00486.exe134⤵PID:3832
-
\??\c:\s0480.exec:\s0480.exe135⤵PID:2680
-
\??\c:\pdjvj.exec:\pdjvj.exe136⤵PID:3556
-
\??\c:\rfrlrll.exec:\rfrlrll.exe137⤵PID:1444
-
\??\c:\24288.exec:\24288.exe138⤵PID:1228
-
\??\c:\866404.exec:\866404.exe139⤵PID:3204
-
\??\c:\ttnnth.exec:\ttnnth.exe140⤵PID:3520
-
\??\c:\llrfxrl.exec:\llrfxrl.exe141⤵PID:1684
-
\??\c:\4260826.exec:\4260826.exe142⤵PID:516
-
\??\c:\2888264.exec:\2888264.exe143⤵PID:2936
-
\??\c:\0226442.exec:\0226442.exe144⤵PID:1528
-
\??\c:\7vdvv.exec:\7vdvv.exe145⤵PID:1912
-
\??\c:\jvpdd.exec:\jvpdd.exe146⤵PID:1568
-
\??\c:\442648.exec:\442648.exe147⤵PID:4220
-
\??\c:\hnhnht.exec:\hnhnht.exe148⤵PID:3676
-
\??\c:\hbtnbt.exec:\hbtnbt.exe149⤵PID:1536
-
\??\c:\48444.exec:\48444.exe150⤵PID:1368
-
\??\c:\2282048.exec:\2282048.exe151⤵PID:1624
-
\??\c:\0800448.exec:\0800448.exe152⤵PID:4448
-
\??\c:\440482.exec:\440482.exe153⤵PID:1012
-
\??\c:\thtnbt.exec:\thtnbt.exe154⤵PID:2328
-
\??\c:\62264.exec:\62264.exe155⤵PID:2668
-
\??\c:\tnhbhb.exec:\tnhbhb.exe156⤵PID:2756
-
\??\c:\82822.exec:\82822.exe157⤵PID:4920
-
\??\c:\vvpjv.exec:\vvpjv.exe158⤵PID:3108
-
\??\c:\00222.exec:\00222.exe159⤵PID:1608
-
\??\c:\w00460.exec:\w00460.exe160⤵PID:776
-
\??\c:\9bthbt.exec:\9bthbt.exe161⤵PID:940
-
\??\c:\o026404.exec:\o026404.exe162⤵PID:832
-
\??\c:\20426.exec:\20426.exe163⤵PID:5080
-
\??\c:\pvjvj.exec:\pvjvj.exe164⤵PID:4860
-
\??\c:\2686626.exec:\2686626.exe165⤵PID:412
-
\??\c:\002288.exec:\002288.exe166⤵PID:2264
-
\??\c:\3hhtnh.exec:\3hhtnh.exe167⤵PID:4004
-
\??\c:\nnnhtt.exec:\nnnhtt.exe168⤵PID:5060
-
\??\c:\k00826.exec:\k00826.exe169⤵PID:4268
-
\??\c:\7jjvd.exec:\7jjvd.exe170⤵PID:3620
-
\??\c:\vddpd.exec:\vddpd.exe171⤵PID:2256
-
\??\c:\hhhthh.exec:\hhhthh.exe172⤵PID:3392
-
\??\c:\2482602.exec:\2482602.exe173⤵PID:1324
-
\??\c:\htbhbb.exec:\htbhbb.exe174⤵PID:4544
-
\??\c:\2004604.exec:\2004604.exe175⤵PID:1468
-
\??\c:\lxrrffx.exec:\lxrrffx.exe176⤵PID:968
-
\??\c:\6408204.exec:\6408204.exe177⤵PID:704
-
\??\c:\djjvp.exec:\djjvp.exe178⤵PID:4836
-
\??\c:\bntthh.exec:\bntthh.exe179⤵PID:696
-
\??\c:\xllxllx.exec:\xllxllx.exe180⤵PID:312
-
\??\c:\bntttt.exec:\bntttt.exe181⤵PID:2740
-
\??\c:\vpvpd.exec:\vpvpd.exe182⤵PID:2452
-
\??\c:\e60862.exec:\e60862.exe183⤵PID:1096
-
\??\c:\4444260.exec:\4444260.exe184⤵PID:2992
-
\??\c:\1djdv.exec:\1djdv.exe185⤵PID:516
-
\??\c:\60202.exec:\60202.exe186⤵PID:4852
-
\??\c:\6848042.exec:\6848042.exe187⤵PID:4208
-
\??\c:\q80666.exec:\q80666.exe188⤵PID:2844
-
\??\c:\xrrrrxl.exec:\xrrrrxl.exe189⤵PID:1596
-
\??\c:\3xrxflf.exec:\3xrxflf.exe190⤵PID:4216
-
\??\c:\606004.exec:\606004.exe191⤵PID:512
-
\??\c:\nbbnhb.exec:\nbbnhb.exe192⤵PID:2440
-
\??\c:\frfrfxl.exec:\frfrfxl.exe193⤵PID:3088
-
\??\c:\tnhbnn.exec:\tnhbnn.exe194⤵PID:1008
-
\??\c:\djpjd.exec:\djpjd.exe195⤵PID:2328
-
\??\c:\44044.exec:\44044.exe196⤵PID:3244
-
\??\c:\486442.exec:\486442.exe197⤵PID:4336
-
\??\c:\064848.exec:\064848.exe198⤵PID:5032
-
\??\c:\jvjdj.exec:\jvjdj.exe199⤵PID:3608
-
\??\c:\468644.exec:\468644.exe200⤵PID:4500
-
\??\c:\i660426.exec:\i660426.exe201⤵PID:4152
-
\??\c:\8248606.exec:\8248606.exe202⤵PID:1104
-
\??\c:\7ntnnn.exec:\7ntnnn.exe203⤵PID:2312
-
\??\c:\g4002.exec:\g4002.exe204⤵PID:1260
-
\??\c:\lfflxfr.exec:\lfflxfr.exe205⤵PID:4124
-
\??\c:\bhbbtt.exec:\bhbbtt.exe206⤵PID:2264
-
\??\c:\nhbhbn.exec:\nhbhbn.exe207⤵PID:3848
-
\??\c:\888866.exec:\888866.exe208⤵PID:5060
-
\??\c:\llrrxxf.exec:\llrrxxf.exe209⤵PID:3404
-
\??\c:\dpvdj.exec:\dpvdj.exe210⤵PID:1188
-
\??\c:\4266662.exec:\4266662.exe211⤵PID:4700
-
\??\c:\thhbnb.exec:\thhbnb.exe212⤵PID:3820
-
\??\c:\20446.exec:\20446.exe213⤵PID:1256
-
\??\c:\s8000.exec:\s8000.exe214⤵PID:2428
-
\??\c:\xrxrllf.exec:\xrxrllf.exe215⤵PID:440
-
\??\c:\4860488.exec:\4860488.exe216⤵PID:4356
-
\??\c:\60004.exec:\60004.exe217⤵PID:4332
-
\??\c:\xrllffx.exec:\xrllffx.exe218⤵PID:868
-
\??\c:\466086.exec:\466086.exe219⤵PID:764
-
\??\c:\24660.exec:\24660.exe220⤵PID:244
-
\??\c:\pddjv.exec:\pddjv.exe221⤵PID:3204
-
\??\c:\vpvjj.exec:\vpvjj.exe222⤵PID:4664
-
\??\c:\jddpj.exec:\jddpj.exe223⤵PID:2888
-
\??\c:\880088.exec:\880088.exe224⤵PID:3020
-
\??\c:\4004260.exec:\4004260.exe225⤵PID:1120
-
\??\c:\66868.exec:\66868.exe226⤵PID:5064
-
\??\c:\3frlfff.exec:\3frlfff.exe227⤵PID:2584
-
\??\c:\840488.exec:\840488.exe228⤵PID:4720
-
\??\c:\5pjdv.exec:\5pjdv.exe229⤵PID:2056
-
\??\c:\nhbtnn.exec:\nhbtnn.exe230⤵PID:4728
-
\??\c:\nhhbnn.exec:\nhhbnn.exe231⤵PID:2024
-
\??\c:\7hbbnh.exec:\7hbbnh.exe232⤵PID:4532
-
\??\c:\lxffrxr.exec:\lxffrxr.exe233⤵PID:1008
-
\??\c:\62826.exec:\62826.exe234⤵PID:3156
-
\??\c:\lxfrfxl.exec:\lxfrfxl.exe235⤵PID:4920
-
\??\c:\7ntnhb.exec:\7ntnhb.exe236⤵PID:3112
-
\??\c:\44420.exec:\44420.exe237⤵PID:3220
-
\??\c:\jdjvj.exec:\jdjvj.exe238⤵PID:4568
-
\??\c:\xrfrfrl.exec:\xrfrfrl.exe239⤵PID:2736
-
\??\c:\e22882.exec:\e22882.exe240⤵PID:3268
-
\??\c:\84048.exec:\84048.exe241⤵PID:380
-
\??\c:\822424.exec:\822424.exe242⤵PID:2820