Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe
-
Size
334KB
-
MD5
67aa994005965fb7df39898b8fae3313
-
SHA1
663067d42bb7d404caf9d32c954691a903f58d28
-
SHA256
a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd
-
SHA512
2f32c042bd7585dc3fa396af0686f09475853c0da569ed568f2a06872ffd3930941c1b1c26f6b07029dfc141aeec7545152f8ceb3e9fdd59aa00891929687294
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo7LCgnilBxBqwZK2q6sYTsmZDSFdBE0rXE4efC:n3C9BRo/CEilXBG2qZSlSFdBXExC
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
resource yara_rule behavioral1/memory/2172-1-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2888-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2524-31-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2548-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2576-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2532-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2412-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2836-95-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2188-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1756-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2336-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1100-167-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1548-176-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1640-185-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2780-203-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2924-212-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/380-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2140-230-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1804-248-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2040-293-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 21 IoCs
resource yara_rule behavioral1/memory/2172-1-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2888-12-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2524-31-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2548-40-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2576-50-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2576-51-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2532-70-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2412-80-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2836-95-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2188-131-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1756-150-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2336-159-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1100-167-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1548-176-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1640-185-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2780-203-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2924-212-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/380-222-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2140-230-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1804-248-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2040-293-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2888 xbjnfn.exe 2584 vtldbj.exe 2524 bhptjt.exe 2548 vhnfl.exe 2576 fppjlp.exe 2676 dlpvhf.exe 2532 rlntfj.exe 2412 lhbjf.exe 2836 nbrfhbh.exe 636 jpthbl.exe 1588 jdlthvn.exe 2384 rxjnrl.exe 2188 nrptnvd.exe 1092 jnhlrl.exe 1756 xjvllfl.exe 2336 pvxjfl.exe 1100 njtdrt.exe 1548 lfvnb.exe 1640 xlftnpr.exe 1196 hfjjxjb.exe 2780 lpdnht.exe 2924 nxxhplj.exe 380 bnvrrv.exe 2140 bxvphb.exe 1848 rnhrvdb.exe 1804 btpnjhp.exe 808 bvrldxn.exe 320 nnnlb.exe 1676 tfpxpvx.exe 568 tnbntvv.exe 2040 tndhnfd.exe 2884 pfnjfbb.exe 2244 xnhxfn.exe 2084 tvrdtv.exe 2680 xthjbhp.exe 2164 vrvffv.exe 2616 trjdlvp.exe 2540 xhndjfp.exe 2656 ldxfrfl.exe 2504 xpxxh.exe 2760 tnhtjh.exe 2120 hhplxfb.exe 2420 rrblf.exe 2452 pjvflnr.exe 2400 pbprf.exe 2904 plvhv.exe 1972 dfnplh.exe 848 jbnpfx.exe 1016 hvnxjl.exe 928 nxtnnx.exe 2384 fplltlx.exe 1072 xjvdh.exe 2004 xrnpf.exe 2232 vlbnbj.exe 2320 dvvjl.exe 1964 ptrvpj.exe 2220 pvvpvt.exe 1524 ftfnd.exe 1636 jtnrfv.exe 3044 xbhjhh.exe 2580 rhbfvb.exe 2940 nvhjpt.exe 548 rlfvv.exe 1628 tnjbj.exe -
resource yara_rule behavioral1/memory/2172-1-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2888-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2524-31-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2548-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2412-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2836-95-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2188-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1756-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2336-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1100-167-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1548-176-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1640-185-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2780-203-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2924-212-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/380-222-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2140-230-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1804-248-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2040-293-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target
PID 2172 wrote to memory of 2888 2172 a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe 28
PID 2172 wrote to memory of 2888 2172 a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe 28
PID 2172 wrote to memory of 2888 2172 a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe 28
PID 2172 wrote to memory of 2888 2172 a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe 28
PID 2888 wrote to memory of 2584 2888 xbjnfn.exe 29
PID 2888 wrote to memory of 2584 2888 xbjnfn.exe 29
PID 2888 wrote to memory of 2584 2888 xbjnfn.exe 29
PID 2888 wrote to memory of 2584 2888 xbjnfn.exe 29
PID 2584 wrote to memory of 2524 2584 vtldbj.exe 30
PID 2584 wrote to memory of 2524 2584 vtldbj.exe 30
PID 2584 wrote to memory of 2524 2584 vtldbj.exe 30
PID 2584 wrote to memory of 2524 2584 vtldbj.exe 30
PID 2524 wrote to memory of 2548 2524 bhptjt.exe 31
PID 2524 wrote to memory of 2548 2524 bhptjt.exe 31
PID 2524 wrote to memory of 2548 2524 bhptjt.exe 31
PID 2524 wrote to memory of 2548 2524 bhptjt.exe 31
PID 2548 wrote to memory of 2576 2548 vhnfl.exe 32
PID 2548 wrote to memory of 2576 2548 vhnfl.exe 32
PID 2548 wrote to memory of 2576 2548 vhnfl.exe 32
PID 2548 wrote to memory of 2576 2548 vhnfl.exe 32
PID 2576 wrote to memory of 2676 2576 fppjlp.exe 33
PID 2576 wrote to memory of 2676 2576 fppjlp.exe 33
PID 2576 wrote to memory of 2676 2576 fppjlp.exe 33
PID 2576 wrote to memory of 2676 2576 fppjlp.exe 33
PID 2676 wrote to memory of 2532 2676 dlpvhf.exe 34
PID 2676 wrote to memory of 2532 2676 dlpvhf.exe 34
PID 2676 wrote to memory of 2532 2676 dlpvhf.exe 34
PID 2676 wrote to memory of 2532 2676 dlpvhf.exe 34
PID 2532 wrote to memory of 2412 2532 rlntfj.exe 35
PID 2532 wrote to memory of 2412 2532 rlntfj.exe 35
PID 2532 wrote to memory of 2412 2532 rlntfj.exe 35
PID 2532 wrote to memory of 2412 2532 rlntfj.exe 35
PID 2412 wrote to memory of 2836 2412 lhbjf.exe 36
PID 2412 wrote to memory of 2836 2412 lhbjf.exe 36
PID 2412 wrote to memory of 2836 2412 lhbjf.exe 36
PID 2412 wrote to memory of 2836 2412 lhbjf.exe 36
PID 2836 wrote to memory of 636 2836 nbrfhbh.exe 37
PID 2836 wrote to memory of 636 2836 nbrfhbh.exe 37
PID 2836 wrote to memory of 636 2836 nbrfhbh.exe 37
PID 2836 wrote to memory of 636 2836 nbrfhbh.exe 37
PID 636 wrote to memory of 1588 636 jpthbl.exe 38
PID 636 wrote to memory of 1588 636 jpthbl.exe 38
PID 636 wrote to memory of 1588 636 jpthbl.exe 38
PID 636 wrote to memory of 1588 636 jpthbl.exe 38
PID 1588 wrote to memory of 2384 1588 jdlthvn.exe 39
PID 1588 wrote to memory of 2384 1588 jdlthvn.exe 39
PID 1588 wrote to memory of 2384 1588 jdlthvn.exe 39
PID 1588 wrote to memory of 2384 1588 jdlthvn.exe 39
PID 2384 wrote to memory of 2188 2384 rxjnrl.exe 40
PID 2384 wrote to memory of 2188 2384 rxjnrl.exe 40
PID 2384 wrote to memory of 2188 2384 rxjnrl.exe 40
PID 2384 wrote to memory of 2188 2384 rxjnrl.exe 40
PID 2188 wrote to memory of 1092 2188 nrptnvd.exe 41
PID 2188 wrote to memory of 1092 2188 nrptnvd.exe 41
PID 2188 wrote to memory of 1092 2188 nrptnvd.exe 41
PID 2188 wrote to memory of 1092 2188 nrptnvd.exe 41
PID 1092 wrote to memory of 1756 1092 jnhlrl.exe 42
PID 1092 wrote to memory of 1756 1092 jnhlrl.exe 42
PID 1092 wrote to memory of 1756 1092 jnhlrl.exe 42
PID 1092 wrote to memory of 1756 1092 jnhlrl.exe 42
PID 1756 wrote to memory of 2336 1756 xjvllfl.exe 43
PID 1756 wrote to memory of 2336 1756 xjvllfl.exe 43
PID 1756 wrote to memory of 2336 1756 xjvllfl.exe 43
PID 1756 wrote to memory of 2336 1756 xjvllfl.exe 43
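Processes (in each entry below the image path runs straight into the command line with no separator, e.g. `\??\c:\xbjnfn.exe` then `c:\xbjnfn.exe`; the number before ⤵ is the nesting level in the process tree)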
-
C:\Users\Admin\AppData\Local\Temp\a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe"C:\Users\Admin\AppData\Local\Temp\a3599f6f6e1e7b3012776d4ad36db6687aa1fdcd4d41e074bef7e5fcbc0036bd.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2172 -
\??\c:\xbjnfn.exec:\xbjnfn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2888 -
\??\c:\vtldbj.exec:\vtldbj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\bhptjt.exec:\bhptjt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\vhnfl.exec:\vhnfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\fppjlp.exec:\fppjlp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\dlpvhf.exec:\dlpvhf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2676 -
\??\c:\rlntfj.exec:\rlntfj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2532 -
\??\c:\lhbjf.exec:\lhbjf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\nbrfhbh.exec:\nbrfhbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\jpthbl.exec:\jpthbl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:636 -
\??\c:\jdlthvn.exec:\jdlthvn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1588 -
\??\c:\rxjnrl.exec:\rxjnrl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\nrptnvd.exec:\nrptnvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2188 -
\??\c:\jnhlrl.exec:\jnhlrl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1092 -
\??\c:\xjvllfl.exec:\xjvllfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1756 -
\??\c:\pvxjfl.exec:\pvxjfl.exe17⤵
- Executes dropped EXE
PID:2336 -
\??\c:\njtdrt.exec:\njtdrt.exe18⤵
- Executes dropped EXE
PID:1100 -
\??\c:\lfvnb.exec:\lfvnb.exe19⤵
- Executes dropped EXE
PID:1548 -
\??\c:\xlftnpr.exec:\xlftnpr.exe20⤵
- Executes dropped EXE
PID:1640 -
\??\c:\hfjjxjb.exec:\hfjjxjb.exe21⤵
- Executes dropped EXE
PID:1196 -
\??\c:\lpdnht.exec:\lpdnht.exe22⤵
- Executes dropped EXE
PID:2780 -
\??\c:\nxxhplj.exec:\nxxhplj.exe23⤵
- Executes dropped EXE
PID:2924 -
\??\c:\bnvrrv.exec:\bnvrrv.exe24⤵
- Executes dropped EXE
PID:380 -
\??\c:\bxvphb.exec:\bxvphb.exe25⤵
- Executes dropped EXE
PID:2140 -
\??\c:\rnhrvdb.exec:\rnhrvdb.exe26⤵
- Executes dropped EXE
PID:1848 -
\??\c:\btpnjhp.exec:\btpnjhp.exe27⤵
- Executes dropped EXE
PID:1804 -
\??\c:\bvrldxn.exec:\bvrldxn.exe28⤵
- Executes dropped EXE
PID:808 -
\??\c:\nnnlb.exec:\nnnlb.exe29⤵
- Executes dropped EXE
PID:320 -
\??\c:\tfpxpvx.exec:\tfpxpvx.exe30⤵
- Executes dropped EXE
PID:1676 -
\??\c:\tnbntvv.exec:\tnbntvv.exe31⤵
- Executes dropped EXE
PID:568 -
\??\c:\tndhnfd.exec:\tndhnfd.exe32⤵
- Executes dropped EXE
PID:2040 -
\??\c:\pfnjfbb.exec:\pfnjfbb.exe33⤵
- Executes dropped EXE
PID:2884 -
\??\c:\xnhxfn.exec:\xnhxfn.exe34⤵
- Executes dropped EXE
PID:2244 -
\??\c:\tvrdtv.exec:\tvrdtv.exe35⤵
- Executes dropped EXE
PID:2084 -
\??\c:\xthjbhp.exec:\xthjbhp.exe36⤵
- Executes dropped EXE
PID:2680 -
\??\c:\vrvffv.exec:\vrvffv.exe37⤵
- Executes dropped EXE
PID:2164 -
\??\c:\trjdlvp.exec:\trjdlvp.exe38⤵
- Executes dropped EXE
PID:2616 -
\??\c:\xhndjfp.exec:\xhndjfp.exe39⤵
- Executes dropped EXE
PID:2540 -
\??\c:\ldxfrfl.exec:\ldxfrfl.exe40⤵
- Executes dropped EXE
PID:2656 -
\??\c:\xpxxh.exec:\xpxxh.exe41⤵
- Executes dropped EXE
PID:2504 -
\??\c:\tnhtjh.exec:\tnhtjh.exe42⤵
- Executes dropped EXE
PID:2760 -
\??\c:\hhplxfb.exec:\hhplxfb.exe43⤵
- Executes dropped EXE
PID:2120 -
\??\c:\rrblf.exec:\rrblf.exe44⤵
- Executes dropped EXE
PID:2420 -
\??\c:\pjvflnr.exec:\pjvflnr.exe45⤵
- Executes dropped EXE
PID:2452 -
\??\c:\pbprf.exec:\pbprf.exe46⤵
- Executes dropped EXE
PID:2400 -
\??\c:\plvhv.exec:\plvhv.exe47⤵
- Executes dropped EXE
PID:2904 -
\??\c:\dfnplh.exec:\dfnplh.exe48⤵
- Executes dropped EXE
PID:1972 -
\??\c:\jbnpfx.exec:\jbnpfx.exe49⤵
- Executes dropped EXE
PID:848 -
\??\c:\hvnxjl.exec:\hvnxjl.exe50⤵
- Executes dropped EXE
PID:1016 -
\??\c:\nxtnnx.exec:\nxtnnx.exe51⤵
- Executes dropped EXE
PID:928 -
\??\c:\fplltlx.exec:\fplltlx.exe52⤵
- Executes dropped EXE
PID:2384 -
\??\c:\xjvdh.exec:\xjvdh.exe53⤵
- Executes dropped EXE
PID:1072 -
\??\c:\xrnpf.exec:\xrnpf.exe54⤵
- Executes dropped EXE
PID:2004 -
\??\c:\vlbnbj.exec:\vlbnbj.exe55⤵
- Executes dropped EXE
PID:2232 -
\??\c:\dvvjl.exec:\dvvjl.exe56⤵
- Executes dropped EXE
PID:2320 -
\??\c:\ptrvpj.exec:\ptrvpj.exe57⤵
- Executes dropped EXE
PID:1964 -
\??\c:\pvvpvt.exec:\pvvpvt.exe58⤵
- Executes dropped EXE
PID:2220 -
\??\c:\ftfnd.exec:\ftfnd.exe59⤵
- Executes dropped EXE
PID:1524 -
\??\c:\jtnrfv.exec:\jtnrfv.exe60⤵
- Executes dropped EXE
PID:1636 -
\??\c:\xbhjhh.exec:\xbhjhh.exe61⤵
- Executes dropped EXE
PID:3044 -
\??\c:\rhbfvb.exec:\rhbfvb.exe62⤵
- Executes dropped EXE
PID:2580 -
\??\c:\nvhjpt.exec:\nvhjpt.exe63⤵
- Executes dropped EXE
PID:2940 -
\??\c:\rlfvv.exec:\rlfvv.exe64⤵
- Executes dropped EXE
PID:548 -
\??\c:\tnjbj.exec:\tnjbj.exe65⤵
- Executes dropped EXE
PID:1628 -
\??\c:\hfldtn.exec:\hfldtn.exe66⤵PID:3064
-
\??\c:\ltfbfn.exec:\ltfbfn.exe67⤵PID:1564
-
\??\c:\pfxvbnt.exec:\pfxvbnt.exe68⤵PID:2328
-
\??\c:\tfvln.exec:\tfvln.exe69⤵PID:1804
-
\??\c:\vjfxdv.exec:\vjfxdv.exe70⤵PID:1824
-
\??\c:\prnvpl.exec:\prnvpl.exe71⤵PID:1968
-
\??\c:\xrpvdl.exec:\xrpvdl.exe72⤵PID:980
-
\??\c:\ptpfpv.exec:\ptpfpv.exe73⤵PID:1676
-
\??\c:\fjxbp.exec:\fjxbp.exe74⤵PID:2036
-
\??\c:\vjlrft.exec:\vjlrft.exe75⤵PID:1000
-
\??\c:\tblfj.exec:\tblfj.exe76⤵PID:1952
-
\??\c:\xlnhb.exec:\xlnhb.exe77⤵PID:800
-
\??\c:\tdpdvtx.exec:\tdpdvtx.exe78⤵PID:1512
-
\??\c:\vxtbhv.exec:\vxtbhv.exe79⤵PID:2160
-
\??\c:\fjfvx.exec:\fjfvx.exe80⤵PID:2684
-
\??\c:\fprnvfn.exec:\fprnvfn.exe81⤵PID:3048
-
\??\c:\phprjvd.exec:\phprjvd.exe82⤵PID:2916
-
\??\c:\dfjrjh.exec:\dfjrjh.exe83⤵PID:1608
-
\??\c:\blnjpxt.exec:\blnjpxt.exe84⤵PID:2668
-
\??\c:\bxtddb.exec:\bxtddb.exe85⤵PID:2520
-
\??\c:\lbhvr.exec:\lbhvr.exe86⤵PID:2564
-
\??\c:\jxlfnh.exec:\jxlfnh.exe87⤵PID:2756
-
\??\c:\vtdvjf.exec:\vtdvjf.exe88⤵PID:3040
-
\??\c:\xtjrbv.exec:\xtjrbv.exe89⤵PID:2192
-
\??\c:\ndfrx.exec:\ndfrx.exe90⤵PID:2444
-
\??\c:\xxlnvf.exec:\xxlnvf.exe91⤵PID:2416
-
\??\c:\tlhnptn.exec:\tlhnptn.exe92⤵PID:2292
-
\??\c:\rvptvjp.exec:\rvptvjp.exe93⤵PID:844
-
\??\c:\htrftr.exec:\htrftr.exe94⤵PID:2224
-
\??\c:\pvtfjxh.exec:\pvtfjxh.exe95⤵PID:2632
-
\??\c:\xjjvx.exec:\xjjvx.exe96⤵PID:2464
-
\??\c:\tpljt.exec:\tpljt.exe97⤵PID:1184
-
\??\c:\nrhnhtb.exec:\nrhnhtb.exe98⤵PID:1976
-
\??\c:\trtjjl.exec:\trtjjl.exe99⤵PID:2716
-
\??\c:\hdlprbt.exec:\hdlprbt.exe100⤵PID:2000
-
\??\c:\pjdvfl.exec:\pjdvfl.exe101⤵PID:1696
-
\??\c:\htdbf.exec:\htdbf.exe102⤵PID:1964
-
\??\c:\flnvhxv.exec:\flnvhxv.exe103⤵PID:1548
-
\??\c:\bdhbxt.exec:\bdhbxt.exe104⤵PID:2200
-
\??\c:\prdnd.exec:\prdnd.exe105⤵PID:2256
-
\??\c:\vbhrx.exec:\vbhrx.exe106⤵PID:324
-
\??\c:\xvpllhv.exec:\xvpllhv.exe107⤵PID:2792
-
\??\c:\npfnftp.exec:\npfnftp.exe108⤵PID:2996
-
\??\c:\vptll.exec:\vptll.exe109⤵PID:2964
-
\??\c:\blprpb.exec:\blprpb.exe110⤵PID:1376
-
\??\c:\pvfvp.exec:\pvfvp.exe111⤵PID:1876
-
\??\c:\nrfdvxl.exec:\nrfdvxl.exe112⤵PID:1320
-
\??\c:\lhlrdxt.exec:\lhlrdxt.exe113⤵PID:340
-
\??\c:\nrvnfn.exec:\nrvnfn.exe114⤵PID:684
-
\??\c:\fdxddr.exec:\fdxddr.exe115⤵PID:2952
-
\??\c:\nxrjl.exec:\nxrjl.exe116⤵PID:1820
-
\??\c:\hvbrdn.exec:\hvbrdn.exe117⤵PID:2808
-
\??\c:\ppfrrhn.exec:\ppfrrhn.exe118⤵PID:568
-
\??\c:\pfnprr.exec:\pfnprr.exe119⤵PID:2104
-
\??\c:\rtxjl.exec:\rtxjl.exe120⤵PID:1212
-
\??\c:\tllfdjh.exec:\tllfdjh.exe121⤵PID:1708
-
\??\c:\rpxxbdj.exec:\rpxxbdj.exe122⤵PID:2948
-