Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240611-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system -
submitted
21-06-2024 05:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
436347d1b49546a36192a174af200d7deea903a70eebfab72e2632643c4f76b7_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
436347d1b49546a36192a174af200d7deea903a70eebfab72e2632643c4f76b7_NeikiAnalytics.exe
-
Size
259KB
-
MD5
4d2a3d7ce63946a79e384d1f1c891600
-
SHA1
2c5ffb38be8da2d071e9887701f8f0a376a75093
-
SHA256
436347d1b49546a36192a174af200d7deea903a70eebfab72e2632643c4f76b7
-
SHA512
577c1a63bdd7b2c6de3a1f79deee3d4aa599af77a1cb0d8330e78e2bfb7ce0589f149fa1bcc3319921d7895a2f8ee99d4e7283200129f64765fff0a313b77f8b
-
SSDEEP
6144:n3C9BRo7tvnJ9Fywhk/T4i37K3BoKg0qe:n3C9ytvn8whkb4i3e3GF/e
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs