Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:35
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3eedd43c13fa8f1f5c69718759db0de0.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
3eedd43c13fa8f1f5c69718759db0de0.exe
-
Size
68KB
-
MD5
3eedd43c13fa8f1f5c69718759db0de0
-
SHA1
9ea44dbd9cdcf287212731ca09ecc2717d68c405
-
SHA256
97c762a8882135216351a71aa9690090832c1a206d6e2abc0e54b58f476b1f40
-
SHA512
12330f0ef01b34b02d9f63dbc2325d03b21e539e7e03bba2044be85187ff1f0095f27618a31aad73ff99d053206be5be8062f71291223fa8bd07b501406fb9a7
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxND0yUwcsbY/4:ymb3NkkiQ3mdBjF0yjcsMw
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3eedd43c13fa8f1f5c69718759db0de0.exe"C:\Users\Admin\AppData\Local\Temp\3eedd43c13fa8f1f5c69718759db0de0.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3036 -
\??\c:\rxrflv.exec:\rxrflv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\hldxt.exec:\hldxt.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\lnhrr.exec:\lnhrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\jtlrb.exec:\jtlrb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\nljjt.exec:\nljjt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\htbdhfp.exec:\htbdhfp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\tbbxfb.exec:\tbbxfb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\bbrnxd.exec:\bbrnxd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:676 -
\??\c:\pxrtn.exec:\pxrtn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\hhjtr.exec:\hhjtr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:896 -
\??\c:\vhbptt.exec:\vhbptt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2976 -
\??\c:\jdnbp.exec:\jdnbp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\trrxjhb.exec:\trrxjhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\fdtvll.exec:\fdtvll.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\pfjfjj.exec:\pfjfjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1480 -
\??\c:\thlddx.exec:\thlddx.exe17⤵
- Executes dropped EXE
PID:1084 -
\??\c:\vlljdvh.exec:\vlljdvh.exe18⤵
- Executes dropped EXE
PID:2804 -
\??\c:\xjdrrbp.exec:\xjdrrbp.exe19⤵
- Executes dropped EXE
PID:608 -
\??\c:\nnbblv.exec:\nnbblv.exe20⤵
- Executes dropped EXE
PID:2320 -
\??\c:\pftjh.exec:\pftjh.exe21⤵
- Executes dropped EXE
PID:2312 -
\??\c:\hltht.exec:\hltht.exe22⤵
- Executes dropped EXE
PID:1968 -
\??\c:\nptln.exec:\nptln.exe23⤵
- Executes dropped EXE
PID:2084 -
\??\c:\dxtdx.exec:\dxtdx.exe24⤵
- Executes dropped EXE
PID:592 -
\??\c:\hfxxd.exec:\hfxxd.exe25⤵
- Executes dropped EXE
PID:2360 -
\??\c:\drlxfhh.exec:\drlxfhh.exe26⤵
- Executes dropped EXE
PID:680 -
\??\c:\nrrbrpp.exec:\nrrbrpp.exe27⤵
- Executes dropped EXE
PID:2180 -
\??\c:\ldllvpv.exec:\ldllvpv.exe28⤵
- Executes dropped EXE
PID:1440 -
\??\c:\xdbrf.exec:\xdbrf.exe29⤵
- Executes dropped EXE
PID:292 -
\??\c:\fbbrjfh.exec:\fbbrjfh.exe30⤵
- Executes dropped EXE
PID:2644 -
\??\c:\hxhnxdx.exec:\hxhnxdx.exe31⤵
- Executes dropped EXE
PID:1648 -
\??\c:\btffphb.exec:\btffphb.exe32⤵
- Executes dropped EXE
PID:3012 -
\??\c:\lbhhht.exec:\lbhhht.exe33⤵
- Executes dropped EXE
PID:3004 -
\??\c:\btlvpjt.exec:\btlvpjt.exe34⤵
- Executes dropped EXE
PID:2936 -
\??\c:\rxblt.exec:\rxblt.exe35⤵
- Executes dropped EXE
PID:2260 -
\??\c:\bxhdplh.exec:\bxhdplh.exe36⤵
- Executes dropped EXE
PID:1984 -
\??\c:\jpjtbj.exec:\jpjtbj.exe37⤵
- Executes dropped EXE
PID:2724 -
\??\c:\hpjjxjt.exec:\hpjjxjt.exe38⤵
- Executes dropped EXE
PID:2420 -
\??\c:\nbxrpn.exec:\nbxrpn.exe39⤵
- Executes dropped EXE
PID:2636 -
\??\c:\llrdfjn.exec:\llrdfjn.exe40⤵
- Executes dropped EXE
PID:2884 -
\??\c:\hjvjjdj.exec:\hjvjjdj.exe41⤵
- Executes dropped EXE
PID:2828 -
\??\c:\vdtnbx.exec:\vdtnbx.exe42⤵
- Executes dropped EXE
PID:2500 -
\??\c:\jdtbt.exec:\jdtbt.exe43⤵
- Executes dropped EXE
PID:2428 -
\??\c:\tlbtj.exec:\tlbtj.exe44⤵
- Executes dropped EXE
PID:2476 -
\??\c:\vhtdd.exec:\vhtdd.exe45⤵
- Executes dropped EXE
PID:2992 -
\??\c:\rdhnpjx.exec:\rdhnpjx.exe46⤵
- Executes dropped EXE
PID:524 -
\??\c:\flldhb.exec:\flldhb.exe47⤵
- Executes dropped EXE
PID:704 -
\??\c:\pjlrx.exec:\pjlrx.exe48⤵
- Executes dropped EXE
PID:568 -
\??\c:\btbbvn.exec:\btbbvn.exe49⤵
- Executes dropped EXE
PID:272 -
\??\c:\tlrvh.exec:\tlrvh.exe50⤵
- Executes dropped EXE
PID:896 -
\??\c:\nxvvv.exec:\nxvvv.exe51⤵
- Executes dropped EXE
PID:2284 -
\??\c:\nnvdr.exec:\nnvdr.exe52⤵
- Executes dropped EXE
PID:2752 -
\??\c:\fthhtxf.exec:\fthhtxf.exe53⤵
- Executes dropped EXE
PID:2596 -
\??\c:\jvjxv.exec:\jvjxv.exe54⤵
- Executes dropped EXE
PID:2400 -
\??\c:\frvxtdt.exec:\frvxtdt.exe55⤵
- Executes dropped EXE
PID:2736 -
\??\c:\tdrrltb.exec:\tdrrltb.exe56⤵
- Executes dropped EXE
PID:2800 -
\??\c:\bdnlhbf.exec:\bdnlhbf.exe57⤵
- Executes dropped EXE
PID:2768 -
\??\c:\jtfltd.exec:\jtfltd.exe58⤵
- Executes dropped EXE
PID:840 -
\??\c:\vnnbbt.exec:\vnnbbt.exe59⤵
- Executes dropped EXE
PID:1328 -
\??\c:\hfjpnr.exec:\hfjpnr.exe60⤵
- Executes dropped EXE
PID:1404 -
\??\c:\nxjnnx.exec:\nxjnnx.exe61⤵
- Executes dropped EXE
PID:2244 -
\??\c:\pfbnnjr.exec:\pfbnnjr.exe62⤵
- Executes dropped EXE
PID:1200 -
\??\c:\lxxdn.exec:\lxxdn.exe63⤵
- Executes dropped EXE
PID:1980 -
\??\c:\ltdntl.exec:\ltdntl.exe64⤵
- Executes dropped EXE
PID:2904 -
\??\c:\vpxbn.exec:\vpxbn.exe65⤵
- Executes dropped EXE
PID:944 -
\??\c:\tdhhpd.exec:\tdhhpd.exe66⤵PID:1040
-
\??\c:\fhvhvpf.exec:\fhvhvpf.exe67⤵PID:1944
-
\??\c:\hfxnrft.exec:\hfxnrft.exe68⤵PID:1692
-
\??\c:\ptttdl.exec:\ptttdl.exe69⤵PID:1132
-
\??\c:\vffvjnv.exec:\vffvjnv.exe70⤵PID:2204
-
\??\c:\hfxnt.exec:\hfxnt.exe71⤵PID:2308
-
\??\c:\hddlrp.exec:\hddlrp.exe72⤵PID:1884
-
\??\c:\pfbxhr.exec:\pfbxhr.exe73⤵PID:1664
-
\??\c:\fftxlh.exec:\fftxlh.exe74⤵PID:1008
-
\??\c:\fflnlj.exec:\fflnlj.exe75⤵PID:2932
-
\??\c:\hlppttv.exec:\hlppttv.exe76⤵PID:3000
-
\??\c:\jphlvh.exec:\jphlvh.exe77⤵PID:3004
-
\??\c:\vfxrrhn.exec:\vfxrrhn.exe78⤵PID:2936
-
\??\c:\hdlpjp.exec:\hdlpjp.exe79⤵PID:2260
-
\??\c:\prfhlp.exec:\prfhlp.exe80⤵PID:2516
-
\??\c:\vffrpv.exec:\vffrpv.exe81⤵PID:2896
-
\??\c:\jrhhhh.exec:\jrhhhh.exe82⤵PID:2540
-
\??\c:\xbnrtf.exec:\xbnrtf.exe83⤵PID:2632
-
\??\c:\jtrbd.exec:\jtrbd.exe84⤵PID:2884
-
\??\c:\hxtjfbx.exec:\hxtjfbx.exe85⤵PID:1920
-
\??\c:\xtlrb.exec:\xtlrb.exe86⤵PID:2548
-
\??\c:\fbpvjnn.exec:\fbpvjnn.exe87⤵PID:2416
-
\??\c:\pnjdd.exec:\pnjdd.exe88⤵PID:2476
-
\??\c:\jvnbrl.exec:\jvnbrl.exe89⤵PID:764
-
\??\c:\brbjjl.exec:\brbjjl.exe90⤵PID:760
-
\??\c:\rjpvv.exec:\rjpvv.exe91⤵PID:704
-
\??\c:\rfhrbn.exec:\rfhrbn.exe92⤵PID:564
-
\??\c:\nxbhfx.exec:\nxbhfx.exe93⤵PID:1656
-
\??\c:\dnhtvph.exec:\dnhtvph.exe94⤵PID:2004
-
\??\c:\plhxrp.exec:\plhxrp.exe95⤵PID:2284
-
\??\c:\dxtnnn.exec:\dxtnnn.exe96⤵PID:2664
-
\??\c:\nvxphbd.exec:\nvxphbd.exe97⤵PID:2596
-
\??\c:\dnxfbn.exec:\dnxfbn.exe98⤵PID:2712
-
\??\c:\lrvdv.exec:\lrvdv.exe99⤵PID:2736
-
\??\c:\tltprlh.exec:\tltprlh.exe100⤵PID:2776
-
\??\c:\flvdr.exec:\flvdr.exe101⤵PID:2784
-
\??\c:\lpvljxn.exec:\lpvljxn.exe102⤵PID:840
-
\??\c:\fxpxl.exec:\fxpxl.exe103⤵PID:1328
-
\??\c:\pjnnb.exec:\pjnnb.exe104⤵PID:1404
-
\??\c:\tbfllrr.exec:\tbfllrr.exe105⤵PID:2268
-
\??\c:\lbflld.exec:\lbflld.exe106⤵PID:2244
-
\??\c:\frjhp.exec:\frjhp.exe107⤵PID:1200
-
\??\c:\pbbpl.exec:\pbbpl.exe108⤵PID:1980
-
\??\c:\xlfrhr.exec:\xlfrhr.exe109⤵PID:2280
-
\??\c:\rnpxpf.exec:\rnpxpf.exe110⤵PID:2248
-
\??\c:\jhhhl.exec:\jhhhl.exe111⤵PID:592
-
\??\c:\tlndj.exec:\tlndj.exe112⤵PID:1944
-
\??\c:\tnfnntv.exec:\tnfnntv.exe113⤵PID:1620
-
\??\c:\jlvhhh.exec:\jlvhhh.exe114⤵PID:1936
-
\??\c:\pfdxhh.exec:\pfdxhh.exe115⤵PID:888
-
\??\c:\rlxhvlv.exec:\rlxhvlv.exe116⤵PID:1724
-
\??\c:\nnlpdn.exec:\nnlpdn.exe117⤵PID:2224
-
\??\c:\xffjx.exec:\xffjx.exe118⤵PID:844
-
\??\c:\ftrxtpr.exec:\ftrxtpr.exe119⤵PID:552
-
\??\c:\tttppjt.exec:\tttppjt.exe120⤵PID:1696
-
\??\c:\jhpbtvj.exec:\jhpbtvj.exe121⤵PID:2184
-
\??\c:\dpbdnpd.exec:\dpbdnpd.exe122⤵PID:3024
-