Analysis
- max time kernel: 150s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 18-05-2024 08:00
Static task
- static1: 1 signatures
Behavioral task
- behavioral1
- Sample: b15b2e40bd5cd3b97098f4cf94e40210_NeikiAnalytics.exe
- Resource: win7-20240215-en, windows7-x64
- 5 signatures
- 150 seconds
General
- Target: b15b2e40bd5cd3b97098f4cf94e40210_NeikiAnalytics.exe
- Size: 392KB
- MD5: b15b2e40bd5cd3b97098f4cf94e40210
- SHA1: 6ae0e427fc719e95aab13fdd3ab1b48c5801a112
- SHA256: 0c9c7f159d597fe6a8d9d832358a57de25bad7857add204ddbc0cc903bde5482
- SHA512: 6eaa8eac643005ca8eeb748750c003fc19d33169abddf7b87b74b97d4996a4944224c4e5807f75d47742eebfdd9498b7ac7256f74d7574146622fb7a853e7bdf
- SSDEEP: 6144:n3C9BRIG0asYFm71mPfkVB8dKwaO5CVwOP:n3C9uYA7okVqdKwaO5CVJ
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b15b2e40bd5cd3b97098f4cf94e40210_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\b15b2e40bd5cd3b97098f4cf94e40210_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3900 -
\??\c:\rrrrlrx.exec:\rrrrlrx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3820 -
\??\c:\jpjvv.exec:\jpjvv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1560 -
\??\c:\5ttthn.exec:\5ttthn.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4020 -
\??\c:\vvvpj.exec:\vvvpj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4588 -
\??\c:\llxxxxx.exec:\llxxxxx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\rlrfxlr.exec:\rlrfxlr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1036 -
\??\c:\llllllf.exec:\llllllf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:336 -
\??\c:\thtthh.exec:\thtthh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1260 -
\??\c:\3jppp.exec:\3jppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5104 -
\??\c:\pdvpd.exec:\pdvpd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1084 -
\??\c:\jvjpd.exec:\jvjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1352 -
\??\c:\nnnttb.exec:\nnnttb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4548 -
\??\c:\5htnnb.exec:\5htnnb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4772 -
\??\c:\ppddd.exec:\ppddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4312 -
\??\c:\llllllr.exec:\llllllr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1240 -
\??\c:\7vpvj.exec:\7vpvj.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\7xfflxf.exec:\7xfflxf.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1064 -
\??\c:\jjvdp.exec:\jjvdp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4412 -
\??\c:\ddddd.exec:\ddddd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:368 -
\??\c:\djvvj.exec:\djvvj.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4508 -
\??\c:\flxxflr.exec:\flxxflr.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\7jjjj.exec:\7jjjj.exe23⤵
- Executes dropped EXE
PID:4752 -
\??\c:\rxxfxfr.exec:\rxxfxfr.exe24⤵
- Executes dropped EXE
PID:3880 -
\??\c:\vddjj.exec:\vddjj.exe25⤵
- Executes dropped EXE
PID:2872 -
\??\c:\fffllll.exec:\fffllll.exe26⤵
- Executes dropped EXE
PID:2936 -
\??\c:\vpjdd.exec:\vpjdd.exe27⤵
- Executes dropped EXE
PID:4296 -
\??\c:\jjpvd.exec:\jjpvd.exe28⤵
- Executes dropped EXE
PID:5108 -
\??\c:\llrfxxx.exec:\llrfxxx.exe29⤵
- Executes dropped EXE
PID:620 -
\??\c:\1vvjj.exec:\1vvjj.exe30⤵
- Executes dropped EXE
PID:2492 -
\??\c:\3rxlxxx.exec:\3rxlxxx.exe31⤵
- Executes dropped EXE
PID:1440 -
\??\c:\9hnnnt.exec:\9hnnnt.exe32⤵
- Executes dropped EXE
PID:4628 -
\??\c:\7lrllrx.exec:\7lrllrx.exe33⤵
- Executes dropped EXE
PID:4348 -
\??\c:\pjvvj.exec:\pjvvj.exe34⤵
- Executes dropped EXE
PID:4456 -
\??\c:\llxxlff.exec:\llxxlff.exe35⤵
- Executes dropped EXE
PID:3200 -
\??\c:\3tttnt.exec:\3tttnt.exe36⤵
- Executes dropped EXE
PID:1464 -
\??\c:\jdvjd.exec:\jdvjd.exe37⤵
- Executes dropped EXE
PID:5012 -
\??\c:\vjvvp.exec:\vjvvp.exe38⤵
- Executes dropped EXE
PID:1676 -
\??\c:\1xfxrrl.exec:\1xfxrrl.exe39⤵
- Executes dropped EXE
PID:2812 -
\??\c:\nththn.exec:\nththn.exe40⤵
- Executes dropped EXE
PID:1220 -
\??\c:\jvvpp.exec:\jvvpp.exe41⤵
- Executes dropped EXE
PID:4332 -
\??\c:\vjvvj.exec:\vjvvj.exe42⤵
- Executes dropped EXE
PID:3812 -
\??\c:\fxxlrxx.exec:\fxxlrxx.exe43⤵
- Executes dropped EXE
PID:4564 -
\??\c:\hnbtth.exec:\hnbtth.exe44⤵
- Executes dropped EXE
PID:4060 -
\??\c:\hthnbh.exec:\hthnbh.exe45⤵
- Executes dropped EXE
PID:2272 -
\??\c:\vjvdv.exec:\vjvdv.exe46⤵
- Executes dropped EXE
PID:3780 -
\??\c:\frxrxff.exec:\frxrxff.exe47⤵
- Executes dropped EXE
PID:3764 -
\??\c:\ttttnb.exec:\ttttnb.exe48⤵
- Executes dropped EXE
PID:4828 -
\??\c:\nbhhnt.exec:\nbhhnt.exe49⤵
- Executes dropped EXE
PID:1004 -
\??\c:\dpvjj.exec:\dpvjj.exe50⤵
- Executes dropped EXE
PID:1352 -
\??\c:\xflxxrr.exec:\xflxxrr.exe51⤵
- Executes dropped EXE
PID:4548 -
\??\c:\9lrxrrl.exec:\9lrxrrl.exe52⤵
- Executes dropped EXE
PID:2356 -
\??\c:\nnbhnn.exec:\nnbhnn.exe53⤵
- Executes dropped EXE
PID:4672 -
\??\c:\dpddv.exec:\dpddv.exe54⤵
- Executes dropped EXE
PID:4308 -
\??\c:\pjjdd.exec:\pjjdd.exe55⤵
- Executes dropped EXE
PID:1564 -
\??\c:\9flllll.exec:\9flllll.exe56⤵
- Executes dropped EXE
PID:2692 -
\??\c:\htbbbn.exec:\htbbbn.exe57⤵
- Executes dropped EXE
PID:4748 -
\??\c:\bhhnth.exec:\bhhnth.exe58⤵
- Executes dropped EXE
PID:4116 -
\??\c:\jjdvv.exec:\jjdvv.exe59⤵
- Executes dropped EXE
PID:4848 -
\??\c:\lrffflr.exec:\lrffflr.exe60⤵
- Executes dropped EXE
PID:4980 -
\??\c:\ttnhhh.exec:\ttnhhh.exe61⤵
- Executes dropped EXE
PID:3204 -
\??\c:\ntbntt.exec:\ntbntt.exe62⤵
- Executes dropped EXE
PID:744 -
\??\c:\jjvdj.exec:\jjvdj.exe63⤵
- Executes dropped EXE
PID:4508 -
\??\c:\btnttt.exec:\btnttt.exe64⤵
- Executes dropped EXE
PID:3740 -
\??\c:\ddjjj.exec:\ddjjj.exe65⤵
- Executes dropped EXE
PID:5040 -