Analysis
- max time kernel: 150s
- max time network: 114s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-05-2024 06:17
Static task
- static1: 1 signatures

Behavioral task
- behavioral1
- Sample: a12e352e8cd27ff7da407d3b0b79f370_NeikiAnalytics.exe
- Resource: win7-20231129-en, windows7-x64
- 5 signatures
- 150 seconds
General
- Target: a12e352e8cd27ff7da407d3b0b79f370_NeikiAnalytics.exe
- Size: 69KB
- MD5: a12e352e8cd27ff7da407d3b0b79f370
- SHA1: b830ce40672c1d1442c194aaa8fbda07290b93e3
- SHA256: 476c9a1faa2aef960e233a96ef6f703cf210d60217e23e8eee57d18f4a67b5a5
- SHA512: 1ee3e452b0a9d505b6e0a7b4698df45195a956126d707feab3dbf3d8b2eef5a706400c15dc335c026c92f516be3eb3440184f55634eeda59623e123fa8f28bba
- SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/7:ymb3NkkiQ3mdBjF0yjcsMz
Malware Config
Signatures
- Detect Blackmoon payload (22 IoCs)
- Executes dropped EXE (64 IoCs)
- Suspicious use of WriteProcessMemory (64 IoCs)
Processes
- C:\Users\Admin\AppData\Local\Temp\a12e352e8cd27ff7da407d3b0b79f370_NeikiAnalytics.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\a12e352e8cd27ff7da407d3b0b79f370_NeikiAnalytics.exe"
  - Suspicious use of WriteProcessMemory
  - PID: 2348