Analysis
max time kernel: 150s
max time network: 126s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system
submitted: 18-05-2024 04:48
Static task
static1: 1 signatures
Behavioral task
behavioral1
Sample: 90427f817571c738157df1314dcfdb60_NeikiAnalytics.exe
Resource: win7-20240221-en, windows7-x64
5 signatures
150 seconds
General
Target: 90427f817571c738157df1314dcfdb60_NeikiAnalytics.exe
Size: 277KB
MD5: 90427f817571c738157df1314dcfdb60
SHA1: e7cbb97f33bbe8609aa716d20416f310773df823
SHA256: b661a02574debab3798d49e66051ca4bce042df33a2a44afaab407a66d78c229
SHA512: f0e69cdb64d4b9d165ce3e8e990bae5f479c6774c2c5e26c5a9229ee38cec6e22bc01efe667fc9c20fd7a4362f20d2add8c36d26a33d706a6eacdde588d7910d
SSDEEP: 6144:n3C9BRIG0asYFm71m8+GdkB9yMu7Vvemx:n3C9uYA71kSMuH
Malware Config
Signatures
Detect Blackmoon payload 25 IoCs
Executes dropped EXE 64 IoCs
Memory dumps matching YARA rule: upx
Suspicious use of WriteProcessMemory 64 IoCs