Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18-05-2024 08:02
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
b17f5efdffb7cec96a5ecc30522eb9e0_NeikiAnalytics.exe
Resource
win7-20240508-en
windows7-x64
5 signatures
150 seconds
General
-
Target
b17f5efdffb7cec96a5ecc30522eb9e0_NeikiAnalytics.exe
-
Size
75KB
-
MD5
b17f5efdffb7cec96a5ecc30522eb9e0
-
SHA1
70cc82ab6fcf4f58b8571d7895582a3a39235961
-
SHA256
673a0588285f7297eee1d93a426bed44a8a48b1a4a8d24f525eb89b2c83788ab
-
SHA512
741b96b26733f1dc96b7e473c0a40af7f62c099c798e1aa674e5062d3b79f9420631ddd82edbc7220cfb3e6181019f47c601ac8d344f515b1479da491bf3cf6f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIsIpWCz+FR4RzWqC5c:ymb3NkkiQ3mdBjFIsIpZ+R4RzWqCC
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b17f5efdffb7cec96a5ecc30522eb9e0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b17f5efdffb7cec96a5ecc30522eb9e0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\vvpvp.exec:\vvpvp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1280 -
\??\c:\9tnntb.exec:\9tnntb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\pjvdj.exec:\pjvdj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\rrfrxxl.exec:\rrfrxxl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\tthtbb.exec:\tthtbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2264 -
\??\c:\pjddj.exec:\pjddj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\fxlrrrx.exec:\fxlrrrx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\7ffxrll.exec:\7ffxrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3020 -
\??\c:\nnbhth.exec:\nnbhth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\dpjpd.exec:\dpjpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\xxlxrfr.exec:\xxlxrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\lfxffxf.exec:\lfxffxf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1756 -
\??\c:\7ntbnn.exec:\7ntbnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1048 -
\??\c:\tntbbh.exec:\tntbbh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\3vjjv.exec:\3vjjv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:288 -
\??\c:\7rrflrf.exec:\7rrflrf.exe17⤵
- Executes dropped EXE
PID:2824 -
\??\c:\fxlfllx.exec:\fxlfllx.exe18⤵
- Executes dropped EXE
PID:2084 -
\??\c:\tnntbn.exec:\tnntbn.exe19⤵
- Executes dropped EXE
PID:1600 -
\??\c:\5bntnh.exec:\5bntnh.exe20⤵
- Executes dropped EXE
PID:848 -
\??\c:\dvppv.exec:\dvppv.exe21⤵
- Executes dropped EXE
PID:2928 -
\??\c:\9rxfflr.exec:\9rxfflr.exe22⤵
- Executes dropped EXE
PID:2940 -
\??\c:\rlllllr.exec:\rlllllr.exe23⤵
- Executes dropped EXE
PID:676 -
\??\c:\tntbnt.exec:\tntbnt.exe24⤵
- Executes dropped EXE
PID:1032 -
\??\c:\3thbhn.exec:\3thbhn.exe25⤵
- Executes dropped EXE
PID:1860 -
\??\c:\vvdvv.exec:\vvdvv.exe26⤵
- Executes dropped EXE
PID:1780 -
\??\c:\fxxfrrf.exec:\fxxfrrf.exe27⤵
- Executes dropped EXE
PID:620 -
\??\c:\3nhhnb.exec:\3nhhnb.exe28⤵
- Executes dropped EXE
PID:2952 -
\??\c:\pjppv.exec:\pjppv.exe29⤵
- Executes dropped EXE
PID:2472 -
\??\c:\3vjjv.exec:\3vjjv.exe30⤵
- Executes dropped EXE
PID:2128 -
\??\c:\xrlrxlr.exec:\xrlrxlr.exe31⤵
- Executes dropped EXE
PID:2396 -
\??\c:\bttnnn.exec:\bttnnn.exe32⤵
- Executes dropped EXE
PID:888 -
\??\c:\5nhhnb.exec:\5nhhnb.exe33⤵
- Executes dropped EXE
PID:2604 -
\??\c:\vpvdj.exec:\vpvdj.exe34⤵
- Executes dropped EXE
PID:2436 -
\??\c:\9dvvd.exec:\9dvvd.exe35⤵
- Executes dropped EXE
PID:1508 -
\??\c:\lfrrxfl.exec:\lfrrxfl.exe36⤵
- Executes dropped EXE
PID:2068 -
\??\c:\ffrrxxf.exec:\ffrrxxf.exe37⤵
- Executes dropped EXE
PID:2648 -
\??\c:\hhthtb.exec:\hhthtb.exe38⤵
- Executes dropped EXE
PID:2748 -
\??\c:\nhbhht.exec:\nhbhht.exe39⤵
- Executes dropped EXE
PID:2624 -
\??\c:\jdjpp.exec:\jdjpp.exe40⤵
- Executes dropped EXE
PID:2784 -
\??\c:\vpjpv.exec:\vpjpv.exe41⤵
- Executes dropped EXE
PID:2608 -
\??\c:\9llrfxl.exec:\9llrfxl.exe42⤵
- Executes dropped EXE
PID:2684 -
\??\c:\xrllflr.exec:\xrllflr.exe43⤵
- Executes dropped EXE
PID:2540 -
\??\c:\hbnntt.exec:\hbnntt.exe44⤵
- Executes dropped EXE
PID:1212 -
\??\c:\thntth.exec:\thntth.exe45⤵
- Executes dropped EXE
PID:2400 -
\??\c:\9ppvp.exec:\9ppvp.exe46⤵
- Executes dropped EXE
PID:1996 -
\??\c:\1dvvj.exec:\1dvvj.exe47⤵
- Executes dropped EXE
PID:2872 -
\??\c:\rllrxfr.exec:\rllrxfr.exe48⤵
- Executes dropped EXE
PID:2988 -
\??\c:\7xrxxrx.exec:\7xrxxrx.exe49⤵
- Executes dropped EXE
PID:1396 -
\??\c:\nhhhnt.exec:\nhhhnt.exe50⤵
- Executes dropped EXE
PID:2580 -
\??\c:\bhhntn.exec:\bhhntn.exe51⤵
- Executes dropped EXE
PID:2180 -
\??\c:\jdvjj.exec:\jdvjj.exe52⤵
- Executes dropped EXE
PID:2004 -
\??\c:\ppddp.exec:\ppddp.exe53⤵
- Executes dropped EXE
PID:1960 -
\??\c:\rrrllrr.exec:\rrrllrr.exe54⤵
- Executes dropped EXE
PID:2860 -
\??\c:\1rrxffl.exec:\1rrxffl.exe55⤵
- Executes dropped EXE
PID:2844 -
\??\c:\1tnbnn.exec:\1tnbnn.exe56⤵
- Executes dropped EXE
PID:1660 -
\??\c:\nhttnn.exec:\nhttnn.exe57⤵
- Executes dropped EXE
PID:1760 -
\??\c:\jjvvd.exec:\jjvvd.exe58⤵
- Executes dropped EXE
PID:1568 -
\??\c:\dvvjj.exec:\dvvjj.exe59⤵
- Executes dropped EXE
PID:2252 -
\??\c:\fxlrrrx.exec:\fxlrrrx.exe60⤵
- Executes dropped EXE
PID:1800 -
\??\c:\9rxfrrl.exec:\9rxfrrl.exe61⤵
- Executes dropped EXE
PID:2192 -
\??\c:\hthnth.exec:\hthnth.exe62⤵
- Executes dropped EXE
PID:560 -
\??\c:\hbhnnn.exec:\hbhnnn.exe63⤵
- Executes dropped EXE
PID:676 -
\??\c:\lxllxfr.exec:\lxllxfr.exe64⤵
- Executes dropped EXE
PID:1032 -
\??\c:\3lllrrx.exec:\3lllrrx.exe65⤵
- Executes dropped EXE
PID:1828 -
\??\c:\fxffrrx.exec:\fxffrrx.exe66⤵PID:2288
-
\??\c:\nbhnbh.exec:\nbhnbh.exe67⤵PID:1920
-
\??\c:\pjvvv.exec:\pjvvv.exe68⤵PID:620
-
\??\c:\3ppvd.exec:\3ppvd.exe69⤵PID:1932
-
\??\c:\xlxrfxr.exec:\xlxrfxr.exe70⤵PID:2188
-
\??\c:\ffrfxff.exec:\ffrfxff.exe71⤵PID:1808
-
\??\c:\9rlrflx.exec:\9rlrflx.exe72⤵PID:468
-
\??\c:\9nbhtn.exec:\9nbhtn.exe73⤵PID:2396
-
\??\c:\ddpdv.exec:\ddpdv.exe74⤵PID:1744
-
\??\c:\9vjpd.exec:\9vjpd.exe75⤵PID:3068
-
\??\c:\lfrflfr.exec:\lfrflfr.exe76⤵PID:1596
-
\??\c:\rlrxflx.exec:\rlrxflx.exe77⤵PID:1280
-
\??\c:\frfrxxx.exec:\frfrxxx.exe78⤵PID:2208
-
\??\c:\thbnnt.exec:\thbnnt.exe79⤵PID:2752
-
\??\c:\jvjvp.exec:\jvjvp.exe80⤵PID:2716
-
\??\c:\7dvjj.exec:\7dvjj.exe81⤵PID:2528
-
\??\c:\7flflrf.exec:\7flflrf.exe82⤵PID:2680
-
\??\c:\xxrxlxl.exec:\xxrxlxl.exe83⤵PID:2232
-
\??\c:\bnbbtn.exec:\bnbbtn.exe84⤵PID:2520
-
\??\c:\3hnnbb.exec:\3hnnbb.exe85⤵PID:2584
-
\??\c:\pjjjd.exec:\pjjjd.exe86⤵PID:2372
-
\??\c:\7vvjd.exec:\7vvjd.exe87⤵PID:3012
-
\??\c:\rlfxrlr.exec:\rlfxrlr.exe88⤵PID:2536
-
\??\c:\1lxxxrf.exec:\1lxxxrf.exe89⤵PID:3008
-
\??\c:\3bbntb.exec:\3bbntb.exe90⤵PID:2892
-
\??\c:\btttnn.exec:\btttnn.exe91⤵PID:892
-
\??\c:\vpvvd.exec:\vpvvd.exe92⤵PID:1756
-
\??\c:\dvddd.exec:\dvddd.exe93⤵PID:2412
-
\??\c:\vpjpv.exec:\vpjpv.exe94⤵PID:2768
-
\??\c:\fxllrxf.exec:\fxllrxf.exe95⤵PID:764
-
\??\c:\lflrxfr.exec:\lflrxfr.exe96⤵PID:2856
-
\??\c:\nhbbnn.exec:\nhbbnn.exe97⤵PID:2824
-
\??\c:\tbnhnh.exec:\tbnhnh.exe98⤵PID:2084
-
\??\c:\vjvvv.exec:\vjvvv.exe99⤵PID:1348
-
\??\c:\jjvvd.exec:\jjvvd.exe100⤵PID:320
-
\??\c:\dpjjp.exec:\dpjjp.exe101⤵PID:2360
-
\??\c:\frlllff.exec:\frlllff.exe102⤵PID:2936
-
\??\c:\7frrxrx.exec:\7frrxrx.exe103⤵PID:2064
-
\??\c:\hthhnt.exec:\hthhnt.exe104⤵PID:1360
-
\??\c:\nnbnhn.exec:\nnbnhn.exe105⤵PID:824
-
\??\c:\dpvvd.exec:\dpvvd.exe106⤵PID:1120
-
\??\c:\7dvvv.exec:\7dvvv.exe107⤵PID:2312
-
\??\c:\lxxrxrx.exec:\lxxrxrx.exe108⤵PID:1868
-
\??\c:\ffrxxxf.exec:\ffrxxxf.exe109⤵PID:1872
-
\??\c:\3rflrxl.exec:\3rflrxl.exe110⤵PID:972
-
\??\c:\nbhnbb.exec:\nbhnbb.exe111⤵PID:2352
-
\??\c:\5hhhnn.exec:\5hhhnn.exe112⤵PID:2336
-
\??\c:\3jdjp.exec:\3jdjp.exe113⤵PID:2196
-
\??\c:\vpdpj.exec:\vpdpj.exe114⤵PID:1820
-
\??\c:\rlrrflr.exec:\rlrrflr.exe115⤵PID:2600
-
\??\c:\rffflfl.exec:\rffflfl.exe116⤵PID:2420
-
\??\c:\thnbhh.exec:\thnbhh.exe117⤵PID:2376
-
\??\c:\9bbntt.exec:\9bbntt.exe118⤵PID:2332
-
\??\c:\bnbtbn.exec:\bnbtbn.exe119⤵PID:2104
-
\??\c:\9jddj.exec:\9jddj.exe120⤵PID:3032
-
\??\c:\vpdjp.exec:\vpdjp.exe121⤵PID:2676
-
\??\c:\lfrxrxl.exec:\lfrxrxl.exe122⤵PID:2760
-
\??\c:\xllxffr.exec:\xllxffr.exe123⤵PID:2800
-
\??\c:\hthhhn.exec:\hthhhn.exe124⤵PID:2712
-
\??\c:\hbtbnt.exec:\hbtbnt.exe125⤵PID:2632
-
\??\c:\9jvjp.exec:\9jvjp.exe126⤵PID:2592
-
\??\c:\5pddd.exec:\5pddd.exe127⤵PID:2572
-
\??\c:\9rfllrx.exec:\9rfllrx.exe128⤵PID:1792
-
\??\c:\ffllxrf.exec:\ffllxrf.exe129⤵PID:2696
-
\??\c:\btbhnn.exec:\btbhnn.exe130⤵PID:2984
-
\??\c:\bntbtt.exec:\bntbtt.exe131⤵PID:2340
-
\??\c:\htnnbh.exec:\htnnbh.exe132⤵PID:2616
-
\??\c:\vpddv.exec:\vpddv.exe133⤵PID:700
-
\??\c:\jddjd.exec:\jddjd.exe134⤵PID:316
-
\??\c:\frfllll.exec:\frfllll.exe135⤵PID:1852
-
\??\c:\hbhhtt.exec:\hbhhtt.exe136⤵PID:2508
-
\??\c:\btnttb.exec:\btnttb.exe137⤵PID:2832
-
\??\c:\tnbbbh.exec:\tnbbbh.exe138⤵PID:2852
-
\??\c:\vpppd.exec:\vpppd.exe139⤵PID:552
-
\??\c:\jpddd.exec:\jpddd.exe140⤵PID:1300
-
\??\c:\fxrllrx.exec:\fxrllrx.exe141⤵PID:1192
-
\??\c:\fxlllrx.exec:\fxlllrx.exe142⤵PID:848
-
\??\c:\hthhtt.exec:\hthhtt.exe143⤵PID:1972
-
\??\c:\3nbttn.exec:\3nbttn.exe144⤵PID:536
-
\??\c:\3tnthn.exec:\3tnthn.exe145⤵PID:1232
-
\??\c:\dpvvp.exec:\dpvvp.exe146⤵PID:1480
-
\??\c:\pdvpj.exec:\pdvpj.exe147⤵PID:564
-
\??\c:\fxffxrx.exec:\fxffxrx.exe148⤵PID:1860
-
\??\c:\fxrxlrf.exec:\fxrxlrf.exe149⤵PID:944
-
\??\c:\7btbhn.exec:\7btbhn.exe150⤵PID:2500
-
\??\c:\tnbbnn.exec:\tnbbnn.exe151⤵PID:940
-
\??\c:\pjvdp.exec:\pjvdp.exe152⤵PID:1536
-
\??\c:\ppjdv.exec:\ppjdv.exe153⤵PID:1720
-
\??\c:\frrrxxl.exec:\frrrxxl.exe154⤵PID:2124
-
\??\c:\9rfxlll.exec:\9rfxlll.exe155⤵PID:1740
-
\??\c:\bnbhhn.exec:\bnbhhn.exe156⤵PID:1788
-
\??\c:\jvjpv.exec:\jvjpv.exe157⤵PID:2424
-
\??\c:\pjdvv.exec:\pjdvv.exe158⤵PID:2604
-
\??\c:\lfllxxf.exec:\lfllxxf.exe159⤵PID:2900
-
\??\c:\5rfxxxf.exec:\5rfxxxf.exe160⤵PID:2704
-
\??\c:\nhntbh.exec:\nhntbh.exe161⤵PID:2728
-
\??\c:\htbbhh.exec:\htbbhh.exe162⤵PID:2648
-
\??\c:\nnbnhn.exec:\nnbnhn.exe163⤵PID:2756
-
\??\c:\dvjdp.exec:\dvjdp.exe164⤵PID:2272
-
\??\c:\dvppj.exec:\dvppj.exe165⤵PID:2884
-
\??\c:\fxrfllr.exec:\fxrfllr.exe166⤵PID:2744
-
\??\c:\lrrlrff.exec:\lrrlrff.exe167⤵PID:3060
-
\??\c:\hthntt.exec:\hthntt.exe168⤵PID:2552
-
\??\c:\hbhnbt.exec:\hbhnbt.exe169⤵PID:3028
-
\??\c:\vpvvv.exec:\vpvvv.exe170⤵PID:2840
-
\??\c:\pjvvd.exec:\pjvvd.exe171⤵PID:2968
-
\??\c:\9fffllr.exec:\9fffllr.exe172⤵PID:3048
-
\??\c:\lfrrflr.exec:\lfrrflr.exe173⤵PID:1944
-
\??\c:\nbbbbt.exec:\nbbbbt.exe174⤵PID:2300
-
\??\c:\nbttnh.exec:\nbttnh.exe175⤵PID:2580
-
\??\c:\1vppv.exec:\1vppv.exe176⤵PID:816
-
\??\c:\3djdd.exec:\3djdd.exe177⤵PID:1052
-
\??\c:\xxlfffl.exec:\xxlfffl.exe178⤵PID:1960
-
\??\c:\5lxxffl.exec:\5lxxffl.exe179⤵PID:1252
-
\??\c:\tnbbnh.exec:\tnbbnh.exe180⤵PID:1664
-
\??\c:\hbbhhb.exec:\hbbhhb.exe181⤵PID:2060
-
\??\c:\vjpvv.exec:\vjpvv.exe182⤵PID:2052
-
\??\c:\5dvpp.exec:\5dvpp.exe183⤵PID:2504
-
\??\c:\rfxrrrx.exec:\rfxrrrx.exe184⤵PID:2388
-
\??\c:\7fllrlr.exec:\7fllrlr.exe185⤵PID:2092
-
\??\c:\nhtnbb.exec:\nhtnbb.exe186⤵PID:588
-
\??\c:\hnhbhh.exec:\hnhbhh.exe187⤵PID:2260
-
\??\c:\jdjvd.exec:\jdjvd.exe188⤵PID:1684
-
\??\c:\7pjpp.exec:\7pjpp.exe189⤵PID:908
-
\??\c:\jdvvv.exec:\jdvvv.exe190⤵PID:1828
-
\??\c:\fxffffl.exec:\fxffffl.exe191⤵PID:1948
-
\??\c:\bntntb.exec:\bntntb.exe192⤵PID:900
-
\??\c:\hbhhtn.exec:\hbhhtn.exe193⤵PID:2140
-
\??\c:\pjvpp.exec:\pjvpp.exe194⤵PID:696
-
\??\c:\jvdpp.exec:\jvdpp.exe195⤵PID:2416
-
\??\c:\9xfxfxf.exec:\9xfxfxf.exe196⤵PID:2292
-
\??\c:\xlrrrxf.exec:\xlrrrxf.exe197⤵PID:1940
-
\??\c:\bnhhtt.exec:\bnhhtt.exe198⤵PID:2460
-
\??\c:\nhtbnn.exec:\nhtbnn.exe199⤵PID:1964
-
\??\c:\hbnnbh.exec:\hbnnbh.exe200⤵PID:1560
-
\??\c:\1dvvd.exec:\1dvvd.exe201⤵PID:3052
-
\??\c:\7djjj.exec:\7djjj.exe202⤵PID:1280
-
\??\c:\1frffxr.exec:\1frffxr.exe203⤵PID:2660
-
\??\c:\3llffxf.exec:\3llffxf.exe204⤵PID:2748
-
\??\c:\thbntt.exec:\thbntt.exe205⤵PID:2644
-
\??\c:\bthhnn.exec:\bthhnn.exe206⤵PID:2784
-
\??\c:\pjvpv.exec:\pjvpv.exe207⤵PID:2548
-
\??\c:\jvjpp.exec:\jvjpp.exe208⤵PID:2684
-
\??\c:\rlrrllx.exec:\rlrrllx.exe209⤵PID:1628
-
\??\c:\rlrrxrf.exec:\rlrrxrf.exe210⤵PID:3016
-
\??\c:\9nntbh.exec:\9nntbh.exe211⤵PID:1532
-
\??\c:\3vjdv.exec:\3vjdv.exe212⤵PID:2404
-
\??\c:\jvpjv.exec:\jvpjv.exe213⤵PID:2536
-
\??\c:\1xlrlll.exec:\1xlrlll.exe214⤵PID:2996
-
\??\c:\5tnthb.exec:\5tnthb.exe215⤵PID:1396
-
\??\c:\pjpvj.exec:\pjpvj.exe216⤵PID:2316
-
\??\c:\jdvvj.exec:\jdvvj.exe217⤵PID:2180
-
\??\c:\7xflrrf.exec:\7xflrrf.exe218⤵PID:2004
-
\??\c:\1fxlrxf.exec:\1fxlrxf.exe219⤵PID:288
-
\??\c:\tnbbbh.exec:\tnbbbh.exe220⤵PID:1636
-
\??\c:\tnbbhh.exec:\tnbbhh.exe221⤵PID:2844
-
\??\c:\dvdjd.exec:\dvdjd.exe222⤵PID:1660
-
\??\c:\pjdjv.exec:\pjdjv.exe223⤵PID:1624
-
\??\c:\fxlllrx.exec:\fxlllrx.exe224⤵PID:1568
-
\??\c:\lxflrrf.exec:\lxflrrf.exe225⤵PID:2252
-
\??\c:\9bnnnn.exec:\9bnnnn.exe226⤵PID:2920
-
\??\c:\hbbbbb.exec:\hbbbbb.exe227⤵PID:2256
-
\??\c:\vpdjd.exec:\vpdjd.exe228⤵PID:984
-
\??\c:\pdjpp.exec:\pdjpp.exe229⤵PID:676
-
\??\c:\9fxxrlr.exec:\9fxxrlr.exe230⤵PID:2296
-
\??\c:\lllflrx.exec:\lllflrx.exe231⤵PID:1608
-
\??\c:\thttbb.exec:\thttbb.exe232⤵PID:2944
-
\??\c:\btbbhn.exec:\btbbhn.exe233⤵PID:1920
-
\??\c:\jvddj.exec:\jvddj.exe234⤵PID:2948
-
\??\c:\vjvjd.exec:\vjvjd.exe235⤵PID:1932
-
\??\c:\fxlfrlx.exec:\fxlfrlx.exe236⤵PID:572
-
\??\c:\5rrxlfl.exec:\5rrxlfl.exe237⤵PID:1808
-
\??\c:\fxfflfr.exec:\fxfflfr.exe238⤵PID:880
-
\??\c:\1tnthb.exec:\1tnthb.exe239⤵PID:1820
-
\??\c:\thtbnn.exec:\thtbnn.exe240⤵PID:1744
-
\??\c:\dvddj.exec:\dvddj.exe241⤵PID:1700
-
\??\c:\jvjjj.exec:\jvjjj.exe242⤵PID:1596