Analysis
-
max time kernel
145s -
max time network
128s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
22/10/2023, 17:30
General
-
Target
NEAS.df64c4520f0948fbf38a6bff5b473df0.exe
-
Size
75KB
-
MD5
df64c4520f0948fbf38a6bff5b473df0
-
SHA1
997eb32c0220ce75cbd18955337e247f6c6c90f5
-
SHA256
702d908d3a52690bf6c103c5c8540d0971f0d8ed180a2f50058ce11d69dc5d1d
-
SHA512
7728eaf6c828bfd83e6509f14b353f110106c7d24a428407e8175b3e70fbe8f578e2ab04672aea74f7015c705f24967a192f8084cf748dbed21fb962e5937b3f
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIjaQkPcy8WTeAwHVxv:ymb3NkkiQ3mdBjFIpkPcy8qsHVxv
Score
10/10
Malware Config
Signatures
-
Blackmoon, KrBanker
Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
-
Detect Blackmoon payload 27 IoCs
-
Executes dropped EXE 64 IoCs
-
UPX packed file 56 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.df64c4520f0948fbf38a6bff5b473df0.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.df64c4520f0948fbf38a6bff5b473df0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
\??\c:\pdbxbx.exec:\pdbxbx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\drhpttn.exec:\drhpttn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\vrpdlhd.exec:\vrpdlhd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pxtdrt.exec:\pxtdrt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\btdhrjn.exec:\btdhrjn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\prjxtd.exec:\prjxtd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hrdnp.exec:\hrdnp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\lnfnxp.exec:\lnfnxp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\pbdnn.exec:\pbdnn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\rbxhxhn.exec:\rbxhxhn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bjttf.exec:\bjttf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\brddn.exec:\brddn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\fprbv.exec:\fprbv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\hjftp.exec:\hjftp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\bfhvdh.exec:\bfhvdh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
\??\c:\dxhjff.exec:\dxhjff.exe17⤵
- Executes dropped EXE
-
\??\c:\hdflbb.exec:\hdflbb.exe18⤵
- Executes dropped EXE
-
\??\c:\lvjpbvx.exec:\lvjpbvx.exe19⤵
- Executes dropped EXE
-
\??\c:\pnbnvbx.exec:\pnbnvbx.exe20⤵
- Executes dropped EXE
-
\??\c:\xpljjfj.exec:\xpljjfj.exe21⤵
- Executes dropped EXE
-
\??\c:\xvffb.exec:\xvffb.exe22⤵
- Executes dropped EXE
-
\??\c:\vrdtdjj.exec:\vrdtdjj.exe23⤵
- Executes dropped EXE
-
\??\c:\jfptjjx.exec:\jfptjjx.exe24⤵
- Executes dropped EXE
-
\??\c:\hjtxp.exec:\hjtxp.exe25⤵
- Executes dropped EXE
-
\??\c:\dfpntn.exec:\dfpntn.exe26⤵
- Executes dropped EXE
-
\??\c:\prpnlvd.exec:\prpnlvd.exe27⤵
- Executes dropped EXE
-
\??\c:\tbfrt.exec:\tbfrt.exe28⤵
- Executes dropped EXE
-
\??\c:\ppnlth.exec:\ppnlth.exe29⤵
- Executes dropped EXE
-
\??\c:\nvnlhxv.exec:\nvnlhxv.exe30⤵
- Executes dropped EXE
-
\??\c:\dbdnxrx.exec:\dbdnxrx.exe31⤵
- Executes dropped EXE
-
\??\c:\lrdpnf.exec:\lrdpnf.exe32⤵
- Executes dropped EXE
-
\??\c:\vnfdlhh.exec:\vnfdlhh.exe33⤵
- Executes dropped EXE
-
\??\c:\fxfhn.exec:\fxfhn.exe34⤵
- Executes dropped EXE
-
\??\c:\rvnvtl.exec:\rvnvtl.exe35⤵
- Executes dropped EXE
-
\??\c:\ttlhxpn.exec:\ttlhxpn.exe36⤵
- Executes dropped EXE
-
\??\c:\nbpddn.exec:\nbpddn.exe37⤵
- Executes dropped EXE
-
\??\c:\fvblpb.exec:\fvblpb.exe38⤵
- Executes dropped EXE
-
\??\c:\jrdnbnx.exec:\jrdnbnx.exe39⤵
- Executes dropped EXE
-
\??\c:\hjhjfnj.exec:\hjhjfnj.exe40⤵
- Executes dropped EXE
-
\??\c:\lvbprf.exec:\lvbprf.exe41⤵
- Executes dropped EXE
-
\??\c:\blhnn.exec:\blhnn.exe42⤵
- Executes dropped EXE
-
\??\c:\bpbfn.exec:\bpbfn.exe43⤵
- Executes dropped EXE
-
\??\c:\jpthv.exec:\jpthv.exe44⤵
- Executes dropped EXE
-
\??\c:\rjbtxpj.exec:\rjbtxpj.exe45⤵
- Executes dropped EXE
-
\??\c:\xpflr.exec:\xpflr.exe46⤵
- Executes dropped EXE
-
\??\c:\bttlp.exec:\bttlp.exe47⤵
- Executes dropped EXE
-
\??\c:\lflbx.exec:\lflbx.exe48⤵
- Executes dropped EXE
-
\??\c:\fhbxjtj.exec:\fhbxjtj.exe49⤵
- Executes dropped EXE
-
\??\c:\nvrflbr.exec:\nvrflbr.exe50⤵
- Executes dropped EXE
-
\??\c:\bfdpx.exec:\bfdpx.exe51⤵
- Executes dropped EXE
-
\??\c:\ljbhvj.exec:\ljbhvj.exe52⤵
- Executes dropped EXE
-
\??\c:\thdnl.exec:\thdnl.exe53⤵
- Executes dropped EXE
-
\??\c:\nlbdr.exec:\nlbdr.exe54⤵
- Executes dropped EXE
-
\??\c:\hlhbvpn.exec:\hlhbvpn.exe55⤵
- Executes dropped EXE
-
\??\c:\jdlrv.exec:\jdlrv.exe56⤵
- Executes dropped EXE
-
\??\c:\vttvp.exec:\vttvp.exe57⤵
- Executes dropped EXE
-
\??\c:\pttjjx.exec:\pttjjx.exe58⤵
- Executes dropped EXE
-
\??\c:\fpbtxp.exec:\fpbtxp.exe59⤵
- Executes dropped EXE
-
\??\c:\xjrbt.exec:\xjrbt.exe60⤵
- Executes dropped EXE
-
\??\c:\pbvjv.exec:\pbvjv.exe61⤵
- Executes dropped EXE
-
\??\c:\xflhnvr.exec:\xflhnvr.exe62⤵
- Executes dropped EXE
-
\??\c:\vxlrp.exec:\vxlrp.exe63⤵
- Executes dropped EXE
-
\??\c:\tpfvn.exec:\tpfvn.exe64⤵
- Executes dropped EXE
-
\??\c:\brrtdph.exec:\brrtdph.exe65⤵
- Executes dropped EXE
-
\??\c:\xddbt.exec:\xddbt.exe66⤵
-
\??\c:\ndxlh.exec:\ndxlh.exe67⤵
-
\??\c:\bfjnh.exec:\bfjnh.exe68⤵
-
\??\c:\dhrplnj.exec:\dhrplnj.exe69⤵
-
\??\c:\nxrjbh.exec:\nxrjbh.exe70⤵
-
\??\c:\rprptfb.exec:\rprptfb.exe71⤵
-
\??\c:\dfhlvvf.exec:\dfhlvvf.exe72⤵
-
\??\c:\bxfftb.exec:\bxfftb.exe73⤵
-
\??\c:\vxdldr.exec:\vxdldr.exe74⤵
-
\??\c:\jflvjb.exec:\jflvjb.exe75⤵
-
\??\c:\hldnn.exec:\hldnn.exe76⤵
-
\??\c:\bvttr.exec:\bvttr.exe77⤵
-
\??\c:\njvpp.exec:\njvpp.exe78⤵
-
\??\c:\fffxbr.exec:\fffxbr.exe79⤵
-
\??\c:\pdfnn.exec:\pdfnn.exe80⤵
-
\??\c:\jjntxd.exec:\jjntxd.exe81⤵
-
\??\c:\pvjtpxx.exec:\pvjtpxx.exe82⤵
-
\??\c:\rjthj.exec:\rjthj.exe83⤵
-
\??\c:\hrpdtnt.exec:\hrpdtnt.exe84⤵
-
\??\c:\ldfbhb.exec:\ldfbhb.exe85⤵
-
\??\c:\nxrbn.exec:\nxrbn.exe86⤵
-
\??\c:\ffvbnt.exec:\ffvbnt.exe87⤵
-
\??\c:\hxntr.exec:\hxntr.exe88⤵
-
\??\c:\vrrrj.exec:\vrrrj.exe89⤵
-
\??\c:\nfdpxr.exec:\nfdpxr.exe90⤵
-
\??\c:\nrvxrb.exec:\nrvxrb.exe91⤵
-
\??\c:\prvbjbr.exec:\prvbjbr.exe92⤵
-
\??\c:\prpdfp.exec:\prpdfp.exe93⤵
-
\??\c:\vpbfhn.exec:\vpbfhn.exe94⤵
-
\??\c:\ndnbjx.exec:\ndnbjx.exe95⤵
-
\??\c:\jxrtfbn.exec:\jxrtfbn.exe96⤵
-
\??\c:\fffvllb.exec:\fffvllb.exe97⤵
-
\??\c:\pffrrt.exec:\pffrrt.exe98⤵
-
\??\c:\xblbh.exec:\xblbh.exe99⤵
-
\??\c:\dtbvbv.exec:\dtbvbv.exe100⤵
-
\??\c:\dflxtrh.exec:\dflxtrh.exe101⤵
-
\??\c:\rrrbn.exec:\rrrbn.exe102⤵
-
\??\c:\dhhdb.exec:\dhhdb.exe103⤵
-
\??\c:\pbhnrx.exec:\pbhnrx.exe104⤵
-
\??\c:\plxnp.exec:\plxnp.exe105⤵
-
\??\c:\rjtxfn.exec:\rjtxfn.exe106⤵
-
\??\c:\lrvlltn.exec:\lrvlltn.exe107⤵
-
\??\c:\pxxdnnd.exec:\pxxdnnd.exe108⤵
-
\??\c:\jrhvbd.exec:\jrhvbd.exe109⤵
-
\??\c:\pxrbvp.exec:\pxrbvp.exe110⤵
-
\??\c:\npnltnp.exec:\npnltnp.exe111⤵
-
\??\c:\dvdtptn.exec:\dvdtptn.exe112⤵
-
\??\c:\rvrvjtn.exec:\rvrvjtn.exe113⤵
-
\??\c:\ffrpvlb.exec:\ffrpvlb.exe114⤵
-
\??\c:\thbtd.exec:\thbtd.exe115⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\tfvjnjp.exec:\tfvjnjp.exe1⤵
-
\??\c:\bftlp.exec:\bftlp.exe2⤵
-
\??\c:\fjhnttt.exec:\fjhnttt.exe3⤵
-
\??\c:\vphfrfd.exec:\vphfrfd.exe4⤵
-
\??\c:\pxjjjrx.exec:\pxjjjrx.exe5⤵
-
\??\c:\bfjnl.exec:\bfjnl.exe6⤵
-
-
-
-
-
-
\??\c:\rdfjvvt.exec:\rdfjvvt.exe1⤵
-
\??\c:\xjxfrdd.exec:\xjxfrdd.exe2⤵
-
\??\c:\nbfttp.exec:\nbfttp.exe3⤵
-
\??\c:\frlfl.exec:\frlfl.exe4⤵
-
\??\c:\ffhft.exec:\ffhft.exe5⤵
-
\??\c:\fjnnxr.exec:\fjnnxr.exe6⤵
-
\??\c:\httfjlh.exec:\httfjlh.exe7⤵
-
-
-
-
-
-
-
\??\c:\jldtj.exec:\jldtj.exe1⤵
-
\??\c:\fvppr.exec:\fvppr.exe2⤵
-
\??\c:\prhpppf.exec:\prhpppf.exe3⤵
-
\??\c:\tbpdf.exec:\tbpdf.exe4⤵
-
\??\c:\lxdtpbt.exec:\lxdtpbt.exe5⤵
-
\??\c:\vhvfr.exec:\vhvfr.exe6⤵
-
\??\c:\trlbtfb.exec:\trlbtfb.exe7⤵
-
\??\c:\ddhrn.exec:\ddhrn.exe8⤵
-
\??\c:\xflfh.exec:\xflfh.exe9⤵
-
\??\c:\bnhft.exec:\bnhft.exe10⤵
-
\??\c:\vnbnjt.exec:\vnbnjt.exe11⤵
-
\??\c:\jxbtdh.exec:\jxbtdh.exe12⤵
-
\??\c:\bppfrv.exec:\bppfrv.exe13⤵
-
\??\c:\nffrd.exec:\nffrd.exe14⤵
-
\??\c:\rxdblx.exec:\rxdblx.exe15⤵
-
\??\c:\hxljvhn.exec:\hxljvhn.exe16⤵
-
\??\c:\plnnv.exec:\plnnv.exe17⤵
-
\??\c:\xnhnnht.exec:\xnhnnht.exe18⤵
-
\??\c:\fprtd.exec:\fprtd.exe19⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\??\c:\jrhrdft.exec:\jrhrdft.exe1⤵
-
\??\c:\tvtfbrl.exec:\tvtfbrl.exe2⤵
-
\??\c:\htnrn.exec:\htnrn.exe3⤵
-
\??\c:\xjjrpf.exec:\xjjrpf.exe4⤵
-
\??\c:\fvtlnbt.exec:\fvtlnbt.exe5⤵
-
\??\c:\pflnn.exec:\pflnn.exe6⤵
-
\??\c:\bhvjjjb.exec:\bhvjjjb.exe7⤵
-
\??\c:\hvfpn.exec:\hvfpn.exe8⤵
-
\??\c:\bfvbfjd.exec:\bfvbfjd.exe9⤵
-
\??\c:\xflvbl.exec:\xflvbl.exe10⤵
-
\??\c:\rtlptfr.exec:\rtlptfr.exe11⤵
-
\??\c:\bltdjj.exec:\bltdjj.exe12⤵
-
\??\c:\ljvdpj.exec:\ljvdpj.exe13⤵
-
\??\c:\ltlndd.exec:\ltlndd.exe14⤵
-
\??\c:\nbhpj.exec:\nbhpj.exe15⤵
-
\??\c:\bnxvdj.exec:\bnxvdj.exe16⤵
-
\??\c:\rjltbrf.exec:\rjltbrf.exe17⤵
-
\??\c:\hxnfxvl.exec:\hxnfxvl.exe18⤵
-
\??\c:\rlrhfj.exec:\rlrhfj.exe19⤵
-
\??\c:\jbpndb.exec:\jbpndb.exe20⤵
-
\??\c:\vxhlt.exec:\vxhlt.exe21⤵
-
\??\c:\hlrtp.exec:\hlrtp.exe22⤵
-
\??\c:\rhlbt.exec:\rhlbt.exe23⤵
-
\??\c:\drhxthp.exec:\drhxthp.exe24⤵
-
\??\c:\thprhfb.exec:\thprhfb.exe25⤵
-
\??\c:\vfrpbp.exec:\vfrpbp.exe26⤵
-
\??\c:\lltrfd.exec:\lltrfd.exe27⤵
-
\??\c:\tffdn.exec:\tffdn.exe28⤵
-
\??\c:\nhpjtl.exec:\nhpjtl.exe29⤵
-
\??\c:\drxrxrj.exec:\drxrxrj.exe30⤵
-
\??\c:\bjtjfh.exec:\bjtjfh.exe31⤵
-
\??\c:\frltfn.exec:\frltfn.exe32⤵
-
\??\c:\fpbtv.exec:\fpbtv.exe33⤵
-
\??\c:\tbfxvt.exec:\tbfxvt.exe34⤵
-
\??\c:\frxvj.exec:\frxvj.exe35⤵
-
\??\c:\rdhhjx.exec:\rdhhjx.exe36⤵
-
\??\c:\tjffdvd.exec:\tjffdvd.exe37⤵
-
\??\c:\rvlpnbh.exec:\rvlpnbh.exe38⤵
-
\??\c:\lbphtl.exec:\lbphtl.exe39⤵
-
\??\c:\lpbbrnr.exec:\lpbbrnr.exe40⤵
-
\??\c:\dndlv.exec:\dndlv.exe41⤵
-
\??\c:\bjhftp.exec:\bjhftp.exe42⤵
-
\??\c:\hjnnff.exec:\hjnnff.exe43⤵
-
\??\c:\tdxvpjn.exec:\tdxvpjn.exe44⤵
-
\??\c:\bndxnr.exec:\bndxnr.exe45⤵
-
\??\c:\fnjbdxl.exec:\fnjbdxl.exe46⤵
-
\??\c:\rxfrb.exec:\rxfrb.exe47⤵
-
\??\c:\dtpprbt.exec:\dtpprbt.exe48⤵
-
\??\c:\dxvlvv.exec:\dxvlvv.exe49⤵
-
\??\c:\lvbhdbn.exec:\lvbhdbn.exe50⤵
-
\??\c:\rlxjfr.exec:\rlxjfr.exe51⤵
-
\??\c:\fxdlxh.exec:\fxdlxh.exe52⤵
-
\??\c:\dbrjjp.exec:\dbrjjp.exe53⤵
-
\??\c:\dfjnjf.exec:\dfjnjf.exe54⤵
-
\??\c:\fbbbx.exec:\fbbbx.exe55⤵
-
\??\c:\btvdj.exec:\btvdj.exe56⤵
-
\??\c:\rfrblt.exec:\rfrblt.exe57⤵
-
\??\c:\txrbxrx.exec:\txrbxrx.exe58⤵
-
\??\c:\lrtxfv.exec:\lrtxfv.exe59⤵
-
\??\c:\xxvnn.exec:\xxvnn.exe60⤵
-
\??\c:\hjrlb.exec:\hjrlb.exe61⤵
-
\??\c:\xjxbj.exec:\xjxbj.exe62⤵
-
\??\c:\nvddhf.exec:\nvddhf.exe63⤵
-
\??\c:\ddfhlv.exec:\ddfhlv.exe64⤵
-
\??\c:\lnffpll.exec:\lnffpll.exe65⤵
-
\??\c:\rfxhdv.exec:\rfxhdv.exe66⤵
-
\??\c:\fdthpv.exec:\fdthpv.exe67⤵
-
\??\c:\fbvtdtd.exec:\fbvtdtd.exe68⤵
-
\??\c:\lnvnvl.exec:\lnvnvl.exe69⤵
-
\??\c:\jntvp.exec:\jntvp.exe70⤵
-
\??\c:\bhtdb.exec:\bhtdb.exe71⤵
-
\??\c:\nnxpfv.exec:\nnxpfv.exe72⤵
-
\??\c:\pdrvdlb.exec:\pdrvdlb.exe73⤵
-
\??\c:\phxhnrh.exec:\phxhnrh.exe74⤵
-
\??\c:\bhfdb.exec:\bhfdb.exe75⤵
-
\??\c:\hhxpn.exec:\hhxpn.exe76⤵
-
\??\c:\hpjhnlp.exec:\hpjhnlp.exe77⤵
-
\??\c:\vdxvrf.exec:\vdxvrf.exe78⤵
-
\??\c:\bddjvbb.exec:\bddjvbb.exe79⤵
-
\??\c:\nfptlbf.exec:\nfptlbf.exe80⤵
-
\??\c:\jdjdr.exec:\jdjdr.exe81⤵
-
\??\c:\vbxrllv.exec:\vbxrllv.exe82⤵
-
\??\c:\pnndx.exec:\pnndx.exe83⤵
-
\??\c:\fjrtdt.exec:\fjrtdt.exe84⤵
-
\??\c:\ntltp.exec:\ntltp.exe85⤵
-
\??\c:\htnnxft.exec:\htnnxft.exe86⤵
-
\??\c:\lxrpx.exec:\lxrpx.exe87⤵
-
\??\c:\rrxhbnh.exec:\rrxhbnh.exe88⤵
-
\??\c:\xpvdtb.exec:\xpvdtb.exe89⤵
-
\??\c:\pvdlfp.exec:\pvdlfp.exe90⤵
-
\??\c:\tvbbf.exec:\tvbbf.exe91⤵
-
\??\c:\vjnfnf.exec:\vjnfnf.exe92⤵
-
\??\c:\fpjbhp.exec:\fpjbhp.exe93⤵
-
\??\c:\jdvvx.exec:\jdvvx.exe94⤵
-
\??\c:\hxtnbjv.exec:\hxtnbjv.exe95⤵
-
\??\c:\jvjfvll.exec:\jvjfvll.exe96⤵
-
\??\c:\vhfvb.exec:\vhfvb.exe97⤵
-
\??\c:\hnjnxbr.exec:\hnjnxbr.exe98⤵
-
\??\c:\frntv.exec:\frntv.exe99⤵
-
\??\c:\hnhvll.exec:\hnhvll.exe100⤵
-
\??\c:\hntjjxx.exec:\hntjjxx.exe101⤵
-
\??\c:\fbdrrhp.exec:\fbdrrhp.exe102⤵
-
\??\c:\jhdtdl.exec:\jhdtdl.exe103⤵
-
\??\c:\lprbfdd.exec:\lprbfdd.exe104⤵
-
\??\c:\tfrfld.exec:\tfrfld.exe105⤵
-
\??\c:\vpvppn.exec:\vpvppn.exe106⤵
-
\??\c:\lljjndf.exec:\lljjndf.exe107⤵
-
\??\c:\dxvbd.exec:\dxvbd.exe108⤵
-
\??\c:\plvvf.exec:\plvvf.exe109⤵
-
\??\c:\tlxvnv.exec:\tlxvnv.exe110⤵
-
\??\c:\vlpxt.exec:\vlpxt.exe111⤵
-
\??\c:\pnbhtx.exec:\pnbhtx.exe112⤵
-
\??\c:\pdrdh.exec:\pdrdh.exe113⤵
-
\??\c:\brfpdbj.exec:\brfpdbj.exe114⤵
-
\??\c:\fndjn.exec:\fndjn.exe115⤵
-
\??\c:\djvnllf.exec:\djvnllf.exe116⤵
-
\??\c:\nbljbn.exec:\nbljbn.exe117⤵
-
\??\c:\xtjdln.exec:\xtjdln.exe118⤵
-
\??\c:\vnvlhrt.exec:\vnvlhrt.exe119⤵
-
\??\c:\ffvbd.exec:\ffvbd.exe120⤵
-
\??\c:\fpnjhrj.exec:\fpnjhrj.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-