Analysis
-
max time kernel
149s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
18/05/2024, 13:25
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe
-
Size
95KB
-
MD5
cd3bfe7e6ed63cc4bfde434ed80c9fc0
-
SHA1
61b1d05f79d37e12066ad7b69f113bf3ea80c5f0
-
SHA256
a975565ec9c53c2896a716d4e048d652384f7d3239cbe1744600be9b4a6ef6e2
-
SHA512
46cf3a0ff41b05503e0c7f559c917fe742fab3f92efb25b0e081ac0a8a33e11084adce249b71628f394c9aa66b4bac07908578b136612ae98d988c2287bf67bf
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qP1hvZo66Ox4oq2SQwfTQL:ymb3NkkiQ3mdBjFIj+qNhvZuHQY0L
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral2/memory/4016-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2388-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2224-17-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2472-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3640-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4560-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2792-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1380-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2308-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3200-72-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3220-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3328-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2400-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1688-100-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2084-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4612-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4896-118-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3052-130-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/404-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3880-148-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2516-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1988-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4288-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3180-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2704-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2388 1llllll.exe 2224 tbhhbh.exe 2472 tttttt.exe 3640 xfrrlll.exe 4560 thtbbb.exe 2792 dvdjj.exe 1380 flxxrxx.exe 2308 xrffffr.exe 968 fxfxxxx.exe 3200 hntbbh.exe 3220 ppvvv.exe 3328 9xxlxff.exe 2400 tnhbtt.exe 1688 tnttbb.exe 2084 frlfrlx.exe 4612 5hnhhn.exe 4896 9ttnhh.exe 2808 jdvjv.exe 3052 xfrlflf.exe 4648 nhhhbh.exe 404 jvvvp.exe 3880 ffffrrf.exe 2516 flflfrr.exe 708 bthhnh.exe 1988 3jddj.exe 4288 5fflfff.exe 3180 hbnnhn.exe 2704 vpppd.exe 552 vvppj.exe 1532 5lflxll.exe 976 bnbntb.exe 2864 nnttnn.exe 1596 5dpvv.exe 5100 9dvpj.exe 764 xrrrlrx.exe 1300 frrxrrf.exe 4320 hbnnnn.exe 3104 ddddp.exe 4016 1vjpd.exe 2832 xrxrfff.exe 3040 rxfrrxx.exe 3904 tnhhhh.exe 1076 vvjvj.exe 1428 vvvvj.exe 4516 xxxfxfl.exe 4560 rfllrrr.exe 1380 3hhnhh.exe 1712 vjvvj.exe 4360 vvppj.exe 792 7xfrxll.exe 3840 xlxxxll.exe 3368 nbtnhh.exe 3376 hnttbn.exe 5032 djjdd.exe 3920 lxrrrxx.exe 4108 llrrrxf.exe 2500 bnntnt.exe 4576 nntbbh.exe 4544 9vdpp.exe 3008 jjpjj.exe 4896 llrlfrr.exe 3448 lrllrxx.exe 2188 nhnnhn.exe 884 tthhtb.exe -
resource yara_rule behavioral2/memory/4016-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2388-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2472-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2224-17-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2472-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3640-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4560-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2792-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1380-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2308-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3200-72-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3220-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3328-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2400-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1688-100-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2084-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4612-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4896-118-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3052-130-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/404-142-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3880-148-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2516-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1988-166-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4288-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3180-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2704-183-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4016 wrote to memory of 2388 4016 cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe 84 PID 4016 wrote to memory of 2388 4016 cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe 84 PID 4016 wrote to memory of 2388 4016 cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe 84 PID 2388 wrote to memory of 2224 2388 1llllll.exe 85 PID 2388 wrote to memory of 2224 2388 1llllll.exe 85 PID 2388 wrote to memory of 2224 2388 1llllll.exe 85 PID 2224 wrote to memory of 2472 2224 tbhhbh.exe 86 PID 2224 wrote to memory of 2472 2224 tbhhbh.exe 86 PID 2224 wrote to memory of 2472 2224 tbhhbh.exe 86 PID 2472 wrote to memory of 3640 2472 tttttt.exe 87 PID 2472 wrote to memory of 3640 2472 tttttt.exe 87 PID 2472 wrote to memory of 3640 2472 tttttt.exe 87 PID 3640 wrote to memory of 4560 3640 xfrrlll.exe 88 PID 3640 wrote to memory of 4560 3640 xfrrlll.exe 88 PID 3640 wrote to memory of 4560 3640 xfrrlll.exe 88 PID 4560 wrote to memory of 2792 4560 thtbbb.exe 89 PID 4560 wrote to memory of 2792 4560 thtbbb.exe 89 PID 4560 wrote to memory of 2792 4560 thtbbb.exe 89 PID 2792 wrote to memory of 1380 2792 dvdjj.exe 90 PID 2792 wrote to memory of 1380 2792 dvdjj.exe 90 PID 2792 wrote to memory of 1380 2792 dvdjj.exe 90 PID 1380 wrote to memory of 2308 1380 flxxrxx.exe 91 PID 1380 wrote to memory of 2308 1380 flxxrxx.exe 91 PID 1380 wrote to memory of 2308 1380 flxxrxx.exe 91 PID 2308 wrote to memory of 968 2308 xrffffr.exe 92 PID 2308 wrote to memory of 968 2308 xrffffr.exe 92 PID 2308 wrote to memory of 968 2308 xrffffr.exe 92 PID 968 wrote to memory of 3200 968 fxfxxxx.exe 93 PID 968 wrote to memory of 3200 968 fxfxxxx.exe 93 PID 968 wrote to memory of 3200 968 fxfxxxx.exe 93 PID 3200 wrote to memory of 3220 3200 hntbbh.exe 94 PID 3200 wrote to memory of 3220 3200 hntbbh.exe 94 PID 3200 wrote to memory of 3220 3200 hntbbh.exe 94 PID 3220 wrote to memory of 3328 3220 ppvvv.exe 95 PID 3220 wrote to memory of 3328 3220 ppvvv.exe 95 PID 3220 wrote to memory of 3328 3220 ppvvv.exe 95 PID 3328 wrote to memory of 2400 3328 9xxlxff.exe 96 PID 3328 wrote to memory of 2400 3328 9xxlxff.exe 96 PID 3328 wrote to memory of 2400 3328 9xxlxff.exe 96 PID 2400 wrote to memory of 1688 2400 tnhbtt.exe 97 PID 2400 wrote to memory of 1688 2400 tnhbtt.exe 97 PID 2400 wrote to memory of 1688 2400 tnhbtt.exe 97 PID 1688 wrote to memory of 2084 1688 tnttbb.exe 98 PID 1688 wrote to memory of 2084 1688 tnttbb.exe 98 PID 1688 wrote to memory of 2084 1688 tnttbb.exe 98 PID 2084 wrote to memory of 4612 2084 frlfrlx.exe 99 PID 2084 wrote to memory of 4612 2084 frlfrlx.exe 99 PID 2084 wrote to memory of 4612 2084 frlfrlx.exe 99 PID 4612 wrote to memory of 4896 4612 5hnhhn.exe 100 PID 4612 wrote to memory of 4896 4612 5hnhhn.exe 100 PID 4612 wrote to memory of 4896 4612 5hnhhn.exe 100 PID 4896 wrote to memory of 2808 4896 9ttnhh.exe 102 PID 4896 wrote to memory of 2808 4896 9ttnhh.exe 102 PID 4896 wrote to memory of 2808 4896 9ttnhh.exe 102 PID 2808 wrote to memory of 3052 2808 jdvjv.exe 103 PID 2808 wrote to memory of 3052 2808 jdvjv.exe 103 PID 2808 wrote to memory of 3052 2808 jdvjv.exe 103 PID 3052 wrote to memory of 4648 3052 xfrlflf.exe 104 PID 3052 wrote to memory of 4648 3052 xfrlflf.exe 104 PID 3052 wrote to memory of 4648 3052 xfrlflf.exe 104 PID 4648 wrote to memory of 404 4648 nhhhbh.exe 105 PID 4648 wrote to memory of 404 4648 nhhhbh.exe 105 PID 4648 wrote to memory of 404 4648 nhhhbh.exe 105 PID 404 wrote to memory of 3880 404 jvvvp.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\cd3bfe7e6ed63cc4bfde434ed80c9fc0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4016 -
\??\c:\1llllll.exec:\1llllll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\tbhhbh.exec:\tbhhbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224 -
\??\c:\tttttt.exec:\tttttt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\xfrrlll.exec:\xfrrlll.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3640 -
\??\c:\thtbbb.exec:\thtbbb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4560 -
\??\c:\dvdjj.exec:\dvdjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792 -
\??\c:\flxxrxx.exec:\flxxrxx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1380 -
\??\c:\xrffffr.exec:\xrffffr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\fxfxxxx.exec:\fxfxxxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:968 -
\??\c:\hntbbh.exec:\hntbbh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3200 -
\??\c:\ppvvv.exec:\ppvvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3220 -
\??\c:\9xxlxff.exec:\9xxlxff.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3328 -
\??\c:\tnhbtt.exec:\tnhbtt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\tnttbb.exec:\tnttbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1688 -
\??\c:\frlfrlx.exec:\frlfrlx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2084 -
\??\c:\5hnhhn.exec:\5hnhhn.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4612 -
\??\c:\9ttnhh.exec:\9ttnhh.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4896 -
\??\c:\jdvjv.exec:\jdvjv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808 -
\??\c:\xfrlflf.exec:\xfrlflf.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\nhhhbh.exec:\nhhhbh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\jvvvp.exec:\jvvvp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:404 -
\??\c:\ffffrrf.exec:\ffffrrf.exe23⤵
- Executes dropped EXE
PID:3880 -
\??\c:\flflfrr.exec:\flflfrr.exe24⤵
- Executes dropped EXE
PID:2516 -
\??\c:\bthhnh.exec:\bthhnh.exe25⤵
- Executes dropped EXE
PID:708 -
\??\c:\3jddj.exec:\3jddj.exe26⤵
- Executes dropped EXE
PID:1988 -
\??\c:\5fflfff.exec:\5fflfff.exe27⤵
- Executes dropped EXE
PID:4288 -
\??\c:\hbnnhn.exec:\hbnnhn.exe28⤵
- Executes dropped EXE
PID:3180 -
\??\c:\vpppd.exec:\vpppd.exe29⤵
- Executes dropped EXE
PID:2704 -
\??\c:\vvppj.exec:\vvppj.exe30⤵
- Executes dropped EXE
PID:552 -
\??\c:\5lflxll.exec:\5lflxll.exe31⤵
- Executes dropped EXE
PID:1532 -
\??\c:\bnbntb.exec:\bnbntb.exe32⤵
- Executes dropped EXE
PID:976 -
\??\c:\nnttnn.exec:\nnttnn.exe33⤵
- Executes dropped EXE
PID:2864 -
\??\c:\5dpvv.exec:\5dpvv.exe34⤵
- Executes dropped EXE
PID:1596 -
\??\c:\9dvpj.exec:\9dvpj.exe35⤵
- Executes dropped EXE
PID:5100 -
\??\c:\xrrrlrx.exec:\xrrrlrx.exe36⤵
- Executes dropped EXE
PID:764 -
\??\c:\frrxrrf.exec:\frrxrrf.exe37⤵
- Executes dropped EXE
PID:1300 -
\??\c:\hbnnnn.exec:\hbnnnn.exe38⤵
- Executes dropped EXE
PID:4320 -
\??\c:\ddddp.exec:\ddddp.exe39⤵
- Executes dropped EXE
PID:3104 -
\??\c:\1vjpd.exec:\1vjpd.exe40⤵
- Executes dropped EXE
PID:4016 -
\??\c:\xrxrfff.exec:\xrxrfff.exe41⤵
- Executes dropped EXE
PID:2832 -
\??\c:\rxfrrxx.exec:\rxfrrxx.exe42⤵
- Executes dropped EXE
PID:3040 -
\??\c:\tnhhhh.exec:\tnhhhh.exe43⤵
- Executes dropped EXE
PID:3904 -
\??\c:\vvjvj.exec:\vvjvj.exe44⤵
- Executes dropped EXE
PID:1076 -
\??\c:\vvvvj.exec:\vvvvj.exe45⤵
- Executes dropped EXE
PID:1428 -
\??\c:\xxxfxfl.exec:\xxxfxfl.exe46⤵
- Executes dropped EXE
PID:4516 -
\??\c:\rfllrrr.exec:\rfllrrr.exe47⤵
- Executes dropped EXE
PID:4560 -
\??\c:\3hhnhh.exec:\3hhnhh.exe48⤵
- Executes dropped EXE
PID:1380 -
\??\c:\vjvvj.exec:\vjvvj.exe49⤵
- Executes dropped EXE
PID:1712 -
\??\c:\vvppj.exec:\vvppj.exe50⤵
- Executes dropped EXE
PID:4360 -
\??\c:\7xfrxll.exec:\7xfrxll.exe51⤵
- Executes dropped EXE
PID:792 -
\??\c:\xlxxxll.exec:\xlxxxll.exe52⤵
- Executes dropped EXE
PID:3840 -
\??\c:\nbtnhh.exec:\nbtnhh.exe53⤵
- Executes dropped EXE
PID:3368 -
\??\c:\hnttbn.exec:\hnttbn.exe54⤵
- Executes dropped EXE
PID:3376 -
\??\c:\djjdd.exec:\djjdd.exe55⤵
- Executes dropped EXE
PID:5032 -
\??\c:\lxrrrxx.exec:\lxrrrxx.exe56⤵
- Executes dropped EXE
PID:3920 -
\??\c:\llrrrxf.exec:\llrrrxf.exe57⤵
- Executes dropped EXE
PID:4108 -
\??\c:\bnntnt.exec:\bnntnt.exe58⤵
- Executes dropped EXE
PID:2500 -
\??\c:\nntbbh.exec:\nntbbh.exe59⤵
- Executes dropped EXE
PID:4576 -
\??\c:\9vdpp.exec:\9vdpp.exe60⤵
- Executes dropped EXE
PID:4544 -
\??\c:\jjpjj.exec:\jjpjj.exe61⤵
- Executes dropped EXE
PID:3008 -
\??\c:\llrlfrr.exec:\llrlfrr.exe62⤵
- Executes dropped EXE
PID:4896 -
\??\c:\lrllrxx.exec:\lrllrxx.exe63⤵
- Executes dropped EXE
PID:3448 -
\??\c:\nhnnhn.exec:\nhnnhn.exe64⤵
- Executes dropped EXE
PID:2188 -
\??\c:\tthhtb.exec:\tthhtb.exe65⤵
- Executes dropped EXE
PID:884 -
\??\c:\vpvvv.exec:\vpvvv.exe66⤵PID:4272
-
\??\c:\vjvvp.exec:\vjvvp.exe67⤵PID:404
-
\??\c:\rllllrr.exec:\rllllrr.exe68⤵PID:1648
-
\??\c:\rrxfffl.exec:\rrxfffl.exe69⤵PID:4308
-
\??\c:\nhnhnn.exec:\nhnhnn.exe70⤵PID:3464
-
\??\c:\bbbbhh.exec:\bbbbhh.exe71⤵PID:3944
-
\??\c:\dpjjj.exec:\dpjjj.exe72⤵PID:2180
-
\??\c:\rxffxrl.exec:\rxffxrl.exe73⤵PID:2892
-
\??\c:\flrfrlf.exec:\flrfrlf.exe74⤵PID:4660
-
\??\c:\bnbhht.exec:\bnbhht.exe75⤵PID:2476
-
\??\c:\dpvvd.exec:\dpvvd.exe76⤵PID:4336
-
\??\c:\jdddv.exec:\jdddv.exe77⤵PID:2704
-
\??\c:\ffxfflr.exec:\ffxfflr.exe78⤵PID:552
-
\??\c:\nbnnnn.exec:\nbnnnn.exe79⤵PID:2548
-
\??\c:\vvvvp.exec:\vvvvp.exe80⤵PID:3012
-
\??\c:\djvvd.exec:\djvvd.exe81⤵PID:3632
-
\??\c:\lxlrfxr.exec:\lxlrfxr.exe82⤵PID:1844
-
\??\c:\ntttnn.exec:\ntttnn.exe83⤵PID:744
-
\??\c:\nhhbbb.exec:\nhhbbb.exe84⤵PID:1776
-
\??\c:\5vdvp.exec:\5vdvp.exe85⤵PID:4316
-
\??\c:\xffrllf.exec:\xffrllf.exe86⤵PID:2676
-
\??\c:\xrrfffx.exec:\xrrfffx.exe87⤵PID:4332
-
\??\c:\hhnbtn.exec:\hhnbtn.exe88⤵PID:3272
-
\??\c:\jpvdd.exec:\jpvdd.exe89⤵PID:4956
-
\??\c:\djjdj.exec:\djjdj.exe90⤵PID:836
-
\??\c:\frlrfrx.exec:\frlrfrx.exe91⤵PID:740
-
\??\c:\ppvpp.exec:\ppvpp.exe92⤵PID:4064
-
\??\c:\pjjjj.exec:\pjjjj.exe93⤵PID:4752
-
\??\c:\fxrlfff.exec:\fxrlfff.exe94⤵PID:3252
-
\??\c:\nhhbtt.exec:\nhhbtt.exe95⤵PID:2792
-
\??\c:\vjvvj.exec:\vjvvj.exe96⤵PID:2408
-
\??\c:\pjpjp.exec:\pjpjp.exe97⤵PID:3892
-
\??\c:\fxrlllf.exec:\fxrlllf.exe98⤵PID:2232
-
\??\c:\tttttt.exec:\tttttt.exe99⤵PID:4920
-
\??\c:\bhhnbb.exec:\bhhnbb.exe100⤵PID:3060
-
\??\c:\jjvpp.exec:\jjvpp.exe101⤵PID:3552
-
\??\c:\jjjjd.exec:\jjjjd.exe102⤵PID:996
-
\??\c:\ffffllr.exec:\ffffllr.exe103⤵PID:3952
-
\??\c:\fflrlfr.exec:\fflrlfr.exe104⤵PID:1472
-
\??\c:\hbbbtb.exec:\hbbbtb.exe105⤵PID:516
-
\??\c:\dpvpj.exec:\dpvpj.exe106⤵PID:2496
-
\??\c:\rlxffxx.exec:\rlxffxx.exe107⤵PID:4904
-
\??\c:\bhhhbh.exec:\bhhhbh.exe108⤵PID:656
-
\??\c:\7pvvp.exec:\7pvvp.exe109⤵PID:4528
-
\??\c:\jdvpj.exec:\jdvpj.exe110⤵PID:3068
-
\??\c:\xrlllll.exec:\xrlllll.exe111⤵PID:3800
-
\??\c:\btnnhh.exec:\btnnhh.exe112⤵PID:2944
-
\??\c:\thhbtn.exec:\thhbtn.exe113⤵PID:3984
-
\??\c:\3frrlff.exec:\3frrlff.exe114⤵PID:4400
-
\??\c:\xxrlffx.exec:\xxrlffx.exe115⤵PID:4936
-
\??\c:\hbttht.exec:\hbttht.exe116⤵PID:2504
-
\??\c:\3dvpd.exec:\3dvpd.exe117⤵PID:1552
-
\??\c:\pvvpd.exec:\pvvpd.exe118⤵PID:708
-
\??\c:\1rxflxl.exec:\1rxflxl.exe119⤵PID:3944
-
\??\c:\xrxfffl.exec:\xrxfffl.exe120⤵PID:3488
-
\??\c:\5tnnhh.exec:\5tnnhh.exe121⤵PID:3604
-
\??\c:\7lrrlll.exec:\7lrrlll.exe122⤵PID:3032
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-