Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
13-05-2024 22:19
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
General
-
Target
68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe
-
Size
371KB
-
MD5
a3a93eb00dddd577dab4802d405a6add
-
SHA1
44d6c97dd5f75694d790a175fe2f9251b22ce45f
-
SHA256
68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8
-
SHA512
5f19f17ddea1ca824f64d61ed56c139c342290153252e73001359ca7fd3a00839adc528f7ed515c8fa34fe5e7669b8c3109055b9731490a589febaf86ff13f31
-
SSDEEP
6144:n3C9BRIG0asYFm71mJl3/X8mak5gNv9rC8IwLaYNUvtTxTKMMA:n3C9uYA7i3/stR9HGYyvtTxTKMt
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
resource yara_rule
behavioral1/memory/2072-15-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2880-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2964-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2696-34-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2732-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2596-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2888-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/908-98-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2748-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1996-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1044-142-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1980-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2292-169-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2268-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2844-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2636-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/588-224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/336-215-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1604-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/876-260-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2164-286-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
UPX dump on OEP (original entry point) 22 IoCs
resource yara_rule
behavioral1/memory/2880-3-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2072-15-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2880-10-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2964-24-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2696-34-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2732-44-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2596-63-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2888-82-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/908-98-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2748-115-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/1996-134-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/1044-142-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/1980-152-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2292-169-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2268-187-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2844-206-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2636-197-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/588-224-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/336-215-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/1604-179-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/876-260-0x0000000000400000-0x0000000000429000-memory.dmp UPX
behavioral1/memory/2164-286-0x0000000000400000-0x0000000000429000-memory.dmp UPX
-
Executes dropped EXE 64 IoCs
pid Process
2072 jvjdj.exe
2964 fflrrrx.exe
2696 vvjjv.exe
2732 rfxfxxf.exe
2656 1thhhh.exe
2596 htbhhh.exe
2472 lxffllr.exe
2888 hhtthb.exe
908 dpdvj.exe
2448 5pppj.exe
2748 5rlxrxf.exe
748 hhtthn.exe
1996 lfxfrxl.exe
1044 rfrrffr.exe
1980 7hnhnt.exe
2188 dvdjv.exe
2292 rxlflfr.exe
1604 xrrfxlr.exe
2268 tntbnn.exe
2636 jddvd.exe
2844 xfrrrrx.exe
336 nbttnn.exe
588 pdjjv.exe
1904 xlrrflf.exe
2424 rlrxflf.exe
1872 5bnnnh.exe
876 vpvdj.exe
1712 nhtbnn.exe
360 pjdjv.exe
2164 pjvvd.exe
1244 5hnnnt.exe
2924 1btbhn.exe
1200 frrlxrl.exe
2072 thttbb.exe
1992 bthnbh.exe
2600 7jpjj.exe
1152 1bhhnh.exe
2816 hbnhnh.exe
2728 7ntttt.exe
2656 lrxfflr.exe
2624 tnhhnt.exe
2628 jjvvv.exe
2384 1jjjv.exe
1456 lfrlrrx.exe
2764 hbbtbh.exe
2560 ttnnbh.exe
1528 vjppd.exe
1976 lfrxlrf.exe
2912 5fxrfxl.exe
1048 tnbnnt.exe
284 pjppv.exe
1760 lxllxlx.exe
804 xrfrflr.exe
1648 nnhntt.exe
2128 pjjpv.exe
2836 rfrrlrr.exe
2640 frfffxx.exe
2636 9nbbhn.exe
1160 dvjpv.exe
3040 pdpjd.exe
1812 rrrxllx.exe
540 tthhnn.exe
1352 3btttb.exe
1884 pdjdj.exe
Note: PIDs are reused within this run (2072, 2656 and 2636 each appear twice with different image names), so a PID alone does not identify a process here; pair it with the image name. The file names appear to be randomly generated and presumably differ between runs, which would make the sample hashes and the behaviour more dependable indicators than the names.
-
resource yara_rule
behavioral1/memory/2880-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2072-15-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2880-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2964-24-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2696-34-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2732-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2596-63-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2888-82-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/908-98-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2748-115-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1996-134-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1044-142-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1980-152-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2292-169-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2268-187-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2844-206-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2636-197-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/588-224-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/336-215-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1604-179-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/876-260-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2164-286-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2880 wrote to memory of 2072 2880 68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe 28
PID 2880 wrote to memory of 2072 2880 68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe 28
PID 2880 wrote to memory of 2072 2880 68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe 28
PID 2880 wrote to memory of 2072 2880 68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe 28
PID 2072 wrote to memory of 2964 2072 jvjdj.exe 29
PID 2072 wrote to memory of 2964 2072 jvjdj.exe 29
PID 2072 wrote to memory of 2964 2072 jvjdj.exe 29
PID 2072 wrote to memory of 2964 2072 jvjdj.exe 29
PID 2964 wrote to memory of 2696 2964 fflrrrx.exe 30
PID 2964 wrote to memory of 2696 2964 fflrrrx.exe 30
PID 2964 wrote to memory of 2696 2964 fflrrrx.exe 30
PID 2964 wrote to memory of 2696 2964 fflrrrx.exe 30
PID 2696 wrote to memory of 2732 2696 vvjjv.exe 31
PID 2696 wrote to memory of 2732 2696 vvjjv.exe 31
PID 2696 wrote to memory of 2732 2696 vvjjv.exe 31
PID 2696 wrote to memory of 2732 2696 vvjjv.exe 31
PID 2732 wrote to memory of 2656 2732 rfxfxxf.exe 32
PID 2732 wrote to memory of 2656 2732 rfxfxxf.exe 32
PID 2732 wrote to memory of 2656 2732 rfxfxxf.exe 32
PID 2732 wrote to memory of 2656 2732 rfxfxxf.exe 32
PID 2656 wrote to memory of 2596 2656 1thhhh.exe 33
PID 2656 wrote to memory of 2596 2656 1thhhh.exe 33
PID 2656 wrote to memory of 2596 2656 1thhhh.exe 33
PID 2656 wrote to memory of 2596 2656 1thhhh.exe 33
PID 2596 wrote to memory of 2472 2596 htbhhh.exe 34
PID 2596 wrote to memory of 2472 2596 htbhhh.exe 34
PID 2596 wrote to memory of 2472 2596 htbhhh.exe 34
PID 2596 wrote to memory of 2472 2596 htbhhh.exe 34
PID 2472 wrote to memory of 2888 2472 lxffllr.exe 35
PID 2472 wrote to memory of 2888 2472 lxffllr.exe 35
PID 2472 wrote to memory of 2888 2472 lxffllr.exe 35
PID 2472 wrote to memory of 2888 2472 lxffllr.exe 35
PID 2888 wrote to memory of 908 2888 hhtthb.exe 36
PID 2888 wrote to memory of 908 2888 hhtthb.exe 36
PID 2888 wrote to memory of 908 2888 hhtthb.exe 36
PID 2888 wrote to memory of 908 2888 hhtthb.exe 36
PID 908 wrote to memory of 2448 908 dpdvj.exe 37
PID 908 wrote to memory of 2448 908 dpdvj.exe 37
PID 908 wrote to memory of 2448 908 dpdvj.exe 37
PID 908 wrote to memory of 2448 908 dpdvj.exe 37
PID 2448 wrote to memory of 2748 2448 5pppj.exe 38
PID 2448 wrote to memory of 2748 2448 5pppj.exe 38
PID 2448 wrote to memory of 2748 2448 5pppj.exe 38
PID 2448 wrote to memory of 2748 2448 5pppj.exe 38
PID 2748 wrote to memory of 748 2748 5rlxrxf.exe 39
PID 2748 wrote to memory of 748 2748 5rlxrxf.exe 39
PID 2748 wrote to memory of 748 2748 5rlxrxf.exe 39
PID 2748 wrote to memory of 748 2748 5rlxrxf.exe 39
PID 748 wrote to memory of 1996 748 hhtthn.exe 40
PID 748 wrote to memory of 1996 748 hhtthn.exe 40
PID 748 wrote to memory of 1996 748 hhtthn.exe 40
PID 748 wrote to memory of 1996 748 hhtthn.exe 40
PID 1996 wrote to memory of 1044 1996 lfxfrxl.exe 41
PID 1996 wrote to memory of 1044 1996 lfxfrxl.exe 41
PID 1996 wrote to memory of 1044 1996 lfxfrxl.exe 41
PID 1996 wrote to memory of 1044 1996 lfxfrxl.exe 41
PID 1044 wrote to memory of 1980 1044 rfrrffr.exe 42
PID 1044 wrote to memory of 1980 1044 rfrrffr.exe 42
PID 1044 wrote to memory of 1980 1044 rfrrffr.exe 42
PID 1044 wrote to memory of 1980 1044 rfrrffr.exe 42
PID 1980 wrote to memory of 2188 1980 7hnhnt.exe 43
PID 1980 wrote to memory of 2188 1980 7hnhnt.exe 43
PID 1980 wrote to memory of 2188 1980 7hnhnt.exe 43
PID 1980 wrote to memory of 2188 1980 7hnhnt.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe"C:\Users\Admin\AppData\Local\Temp\68e2a76899ef54b0a4eef7a5d02c22682e591e4e6ed9de6455ee0f16e415c7d8.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2880 -
\??\c:\jvjdj.exec:\jvjdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\fflrrrx.exec:\fflrrrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2964 -
\??\c:\vvjjv.exec:\vvjjv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\rfxfxxf.exec:\rfxfxxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\1thhhh.exec:\1thhhh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\htbhhh.exec:\htbhhh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\lxffllr.exec:\lxffllr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\hhtthb.exec:\hhtthb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\dpdvj.exec:\dpdvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:908 -
\??\c:\5pppj.exec:\5pppj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2448 -
\??\c:\5rlxrxf.exec:\5rlxrxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\hhtthn.exec:\hhtthn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:748 -
\??\c:\lfxfrxl.exec:\lfxfrxl.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1996 -
\??\c:\rfrrffr.exec:\rfrrffr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1044 -
\??\c:\7hnhnt.exec:\7hnhnt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1980 -
\??\c:\dvdjv.exec:\dvdjv.exe17⤵
- Executes dropped EXE
PID:2188 -
\??\c:\rxlflfr.exec:\rxlflfr.exe18⤵
- Executes dropped EXE
PID:2292 -
\??\c:\xrrfxlr.exec:\xrrfxlr.exe19⤵
- Executes dropped EXE
PID:1604 -
\??\c:\tntbnn.exec:\tntbnn.exe20⤵
- Executes dropped EXE
PID:2268 -
\??\c:\jddvd.exec:\jddvd.exe21⤵
- Executes dropped EXE
PID:2636 -
\??\c:\xfrrrrx.exec:\xfrrrrx.exe22⤵
- Executes dropped EXE
PID:2844 -
\??\c:\nbttnn.exec:\nbttnn.exe23⤵
- Executes dropped EXE
PID:336 -
\??\c:\pdjjv.exec:\pdjjv.exe24⤵
- Executes dropped EXE
PID:588 -
\??\c:\xlrrflf.exec:\xlrrflf.exe25⤵
- Executes dropped EXE
PID:1904 -
\??\c:\rlrxflf.exec:\rlrxflf.exe26⤵
- Executes dropped EXE
PID:2424 -
\??\c:\5bnnnh.exec:\5bnnnh.exe27⤵
- Executes dropped EXE
PID:1872 -
\??\c:\vpvdj.exec:\vpvdj.exe28⤵
- Executes dropped EXE
PID:876 -
\??\c:\nhtbnn.exec:\nhtbnn.exe29⤵
- Executes dropped EXE
PID:1712 -
\??\c:\pjdjv.exec:\pjdjv.exe30⤵
- Executes dropped EXE
PID:360 -
\??\c:\pjvvd.exec:\pjvvd.exe31⤵
- Executes dropped EXE
PID:2164 -
\??\c:\5hnnnt.exec:\5hnnnt.exe32⤵
- Executes dropped EXE
PID:1244 -
\??\c:\1btbhn.exec:\1btbhn.exe33⤵
- Executes dropped EXE
PID:2924 -
\??\c:\frrlxrl.exec:\frrlxrl.exe34⤵
- Executes dropped EXE
PID:1200 -
\??\c:\thttbb.exec:\thttbb.exe35⤵
- Executes dropped EXE
PID:2072 -
\??\c:\bthnbh.exec:\bthnbh.exe36⤵
- Executes dropped EXE
PID:1992 -
\??\c:\7jpjj.exec:\7jpjj.exe37⤵
- Executes dropped EXE
PID:2600 -
\??\c:\1bhhnh.exec:\1bhhnh.exe38⤵
- Executes dropped EXE
PID:1152 -
\??\c:\hbnhnh.exec:\hbnhnh.exe39⤵
- Executes dropped EXE
PID:2816 -
\??\c:\7ntttt.exec:\7ntttt.exe40⤵
- Executes dropped EXE
PID:2728 -
\??\c:\lrxfflr.exec:\lrxfflr.exe41⤵
- Executes dropped EXE
PID:2656 -
\??\c:\tnhhnt.exec:\tnhhnt.exe42⤵
- Executes dropped EXE
PID:2624 -
\??\c:\jjvvv.exec:\jjvvv.exe43⤵
- Executes dropped EXE
PID:2628 -
\??\c:\1jjjv.exec:\1jjjv.exe44⤵
- Executes dropped EXE
PID:2384 -
\??\c:\lfrlrrx.exec:\lfrlrrx.exe45⤵
- Executes dropped EXE
PID:1456 -
\??\c:\hbbtbh.exec:\hbbtbh.exe46⤵
- Executes dropped EXE
PID:2764 -
\??\c:\ttnnbh.exec:\ttnnbh.exe47⤵
- Executes dropped EXE
PID:2560 -
\??\c:\vjppd.exec:\vjppd.exe48⤵
- Executes dropped EXE
PID:1528 -
\??\c:\lfrxlrf.exec:\lfrxlrf.exe49⤵
- Executes dropped EXE
PID:1976 -
\??\c:\5fxrfxl.exec:\5fxrfxl.exe50⤵
- Executes dropped EXE
PID:2912 -
\??\c:\tnbnnt.exec:\tnbnnt.exe51⤵
- Executes dropped EXE
PID:1048 -
\??\c:\pjppv.exec:\pjppv.exe52⤵
- Executes dropped EXE
PID:284 -
\??\c:\lxllxlx.exec:\lxllxlx.exe53⤵
- Executes dropped EXE
PID:1760 -
\??\c:\xrfrflr.exec:\xrfrflr.exe54⤵
- Executes dropped EXE
PID:804 -
\??\c:\nnhntt.exec:\nnhntt.exe55⤵
- Executes dropped EXE
PID:1648 -
\??\c:\pjjpv.exec:\pjjpv.exe56⤵
- Executes dropped EXE
PID:2128 -
\??\c:\rfrrlrr.exec:\rfrrlrr.exe57⤵
- Executes dropped EXE
PID:2836 -
\??\c:\frfffxx.exec:\frfffxx.exe58⤵
- Executes dropped EXE
PID:2640 -
\??\c:\9nbbhn.exec:\9nbbhn.exe59⤵
- Executes dropped EXE
PID:2636 -
\??\c:\dvjpv.exec:\dvjpv.exe60⤵
- Executes dropped EXE
PID:1160 -
\??\c:\pdpjd.exec:\pdpjd.exe61⤵
- Executes dropped EXE
PID:3040 -
\??\c:\rrrxllx.exec:\rrrxllx.exe62⤵
- Executes dropped EXE
PID:1812 -
\??\c:\tthhnn.exec:\tthhnn.exe63⤵
- Executes dropped EXE
PID:540 -
\??\c:\3btttb.exec:\3btttb.exe64⤵
- Executes dropped EXE
PID:1352 -
\??\c:\pdjdj.exec:\pdjdj.exe65⤵
- Executes dropped EXE
PID:1884 -
\??\c:\pdjjj.exec:\pdjjj.exe66⤵PID:3008
-
\??\c:\xxrrxxx.exec:\xxrrxxx.exe67⤵PID:1400
-
\??\c:\nhtbhh.exec:\nhtbhh.exe68⤵PID:1568
-
\??\c:\vjdjd.exec:\vjdjd.exe69⤵PID:1712
-
\??\c:\7vddj.exec:\7vddj.exe70⤵PID:1124
-
\??\c:\5flfxxx.exec:\5flfxxx.exe71⤵PID:1752
-
\??\c:\tbhhhb.exec:\tbhhhb.exe72⤵PID:2136
-
\??\c:\pjddp.exec:\pjddp.exe73⤵PID:2364
-
\??\c:\vpvpp.exec:\vpvpp.exe74⤵PID:2740
-
\??\c:\9rxxrrx.exec:\9rxxrrx.exe75⤵PID:2604
-
\??\c:\bnbbbh.exec:\bnbbbh.exe76⤵PID:2916
-
\??\c:\3jjjd.exec:\3jjjd.exe77⤵PID:2588
-
\??\c:\5lxrxrx.exec:\5lxrxrx.exe78⤵PID:2980
-
\??\c:\5lflrff.exec:\5lflrff.exe79⤵PID:2700
-
\??\c:\hbthnt.exec:\hbthnt.exe80⤵PID:2920
-
\??\c:\hbtbhh.exec:\hbtbhh.exe81⤵PID:2692
-
\??\c:\vpddd.exec:\vpddd.exe82⤵PID:2492
-
\??\c:\frlrxll.exec:\frlrxll.exe83⤵PID:2464
-
\??\c:\3tnnbh.exec:\3tnnbh.exe84⤵PID:1204
-
\??\c:\thtthb.exec:\thtthb.exe85⤵PID:2888
-
\??\c:\vpjpv.exec:\vpjpv.exe86⤵PID:908
-
\??\c:\rfllrlr.exec:\rfllrlr.exe87⤵PID:2792
-
\??\c:\rfrrxxl.exec:\rfrrxxl.exe88⤵PID:2500
-
\??\c:\thtbhh.exec:\thtbhh.exe89⤵PID:1824
-
\??\c:\djvdp.exec:\djvdp.exe90⤵PID:1284
-
\??\c:\ppppj.exec:\ppppj.exe91⤵PID:2236
-
\??\c:\7xlfllr.exec:\7xlfllr.exe92⤵PID:2344
-
\??\c:\hnbbbh.exec:\hnbbbh.exe93⤵PID:1980
-
\??\c:\nbtbhb.exec:\nbtbhb.exe94⤵PID:1588
-
\??\c:\3pddd.exec:\3pddd.exe95⤵PID:2084
-
\??\c:\vpvjj.exec:\vpvjj.exe96⤵PID:2220
-
\??\c:\llrrxxf.exec:\llrrxxf.exe97⤵PID:2052
-
\??\c:\hbnhnn.exec:\hbnhnn.exe98⤵PID:3024
-
\??\c:\bttnbb.exec:\bttnbb.exe99⤵PID:2444
-
\??\c:\jpjdd.exec:\jpjdd.exe100⤵PID:2296
-
\??\c:\3pvpp.exec:\3pvpp.exe101⤵PID:1504
-
\??\c:\9llrxxf.exec:\9llrxxf.exe102⤵PID:1228
-
\??\c:\htttbb.exec:\htttbb.exe103⤵PID:784
-
\??\c:\nbbhtt.exec:\nbbhtt.exe104⤵PID:696
-
\??\c:\jjddj.exec:\jjddj.exe105⤵PID:2092
-
\??\c:\fxlfffl.exec:\fxlfffl.exe106⤵PID:1660
-
\??\c:\rxllrlr.exec:\rxllrlr.exe107⤵PID:3068
-
\??\c:\nhttbh.exec:\nhttbh.exe108⤵PID:876
-
\??\c:\5tntnt.exec:\5tntnt.exe109⤵PID:1404
-
\??\c:\ddpvv.exec:\ddpvv.exe110⤵PID:840
-
\??\c:\lxllxxf.exec:\lxllxxf.exe111⤵PID:1848
-
\??\c:\5rlrxxf.exec:\5rlrxxf.exe112⤵PID:1524
-
\??\c:\bthnbt.exec:\bthnbt.exe113⤵PID:2928
-
\??\c:\pjjjj.exec:\pjjjj.exe114⤵PID:2968
-
\??\c:\lflrlfl.exec:\lflrlfl.exe115⤵PID:2936
-
\??\c:\rrffrrf.exec:\rrffrrf.exe116⤵PID:1620
-
\??\c:\hbhntt.exec:\hbhntt.exe117⤵PID:2664
-
\??\c:\nnhntt.exec:\nnhntt.exe118⤵PID:2592
-
\??\c:\jvjjp.exec:\jvjjp.exe119⤵PID:2584
-
\??\c:\5rlxfll.exec:\5rlxfll.exe120⤵PID:2488
-
\??\c:\rfrxxrx.exec:\rfrxxrx.exe121⤵PID:2572
-
\??\c:\5htttt.exec:\5htttt.exe122⤵PID:2480
-