Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
20-05-2024 01:26
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe
Resource
win7-20240508-en
windows7-x64
5 signatures
150 seconds
General
-
Target
7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe
-
Size
55KB
-
MD5
d7cfaa175b9665062d9390403948c3d0
-
SHA1
dd705e7c50150361fec2a5f7a5d2164d8dc834c5
-
SHA256
7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006
-
SHA512
13a9956d024f1489d7895bca76e94706724cea866536bc5ce3dbafa65ab85486c3e5afb5b1f795a3c71393ae995116506c8e2304f8d82fa11e865e2df29ab07b
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIfEB:ymb3NkkiQ3mdBjFIM
Malware Config
Signatures
-
Detect Blackmoon payload 19 IoCs
resource yara_rule behavioral1/memory/1616-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2864-23-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2800-27-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2736-46-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2608-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2764-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2504-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2956-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2224-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2164-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2176-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1648-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1876-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2288-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2376-214-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/572-223-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2812-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/348-250-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/876-295-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2864 vvjpd.exe 2800 3hbnbn.exe 2736 5ddvv.exe 2608 lrrfrff.exe 2764 3bbthn.exe 2668 jvpjv.exe 2504 7fxfrxf.exe 2956 ntbhnt.exe 2224 vpjvd.exe 2164 ffxfllr.exe 2568 tbnnnn.exe 2176 1dpjp.exe 2000 lfrxlfr.exe 1644 hbnbtt.exe 2472 pdjjj.exe 1648 dvppv.exe 1876 xfrxxfx.exe 2828 xrlxllx.exe 2832 jdpdj.exe 2288 5frxlrr.exe 2376 ffflrxf.exe 572 ttbhhb.exe 1108 jpddd.exe 2812 rrxxxrf.exe 348 btnbht.exe 2880 ddpjv.exe 1244 7rrlxxx.exe 2100 tnbtbn.exe 2456 dpdjp.exe 876 ppppp.exe 2992 lrrlxll.exe 1544 nhbbhn.exe 2592 pjjjv.exe 2644 rrflxrf.exe 2728 llrlflr.exe 2116 hbbbth.exe 2636 jjddv.exe 2664 rrfxlxl.exe 2532 5ffrflf.exe 2672 hnbhhn.exe 2512 pjvjv.exe 2584 pddpp.exe 2392 thhttb.exe 2956 vpjjj.exe 2208 9rxlrrr.exe 1884 xrrxllx.exe 1724 1ttnnb.exe 304 ppdjj.exe 628 3jjpv.exe 2008 rlfxrlx.exe 1804 nhnttb.exe 2312 3ttbtt.exe 2836 9dppp.exe 1648 xrrxrxl.exe 1876 9rfrfrf.exe 2840 3bhhtb.exe 1028 hhnhbn.exe 2488 ppppd.exe 2604 rxrxxfl.exe 2332 ttnthn.exe 1484 5ttnht.exe 1996 ddpvp.exe 1560 vvpdp.exe 2476 rxxlrxr.exe -
resource yara_rule behavioral1/memory/1616-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2864-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2864-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2864-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2864-23-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2800-27-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-36-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2736-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-49-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2764-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2504-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2956-92-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2224-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2164-116-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2176-134-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1648-170-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1876-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2288-206-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2376-214-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/572-223-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2812-242-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/348-250-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/876-295-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1616 wrote to memory of 2864 1616 7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe 29 PID 1616 wrote to memory of 2864 1616 7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe 29 PID 1616 wrote to memory of 2864 1616 7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe 29 PID 1616 wrote to memory of 2864 1616 7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe 29 PID 2864 wrote to memory of 2800 2864 vvjpd.exe 30 PID 2864 wrote to memory of 2800 2864 vvjpd.exe 30 PID 2864 wrote to memory of 2800 2864 vvjpd.exe 30 PID 2864 wrote to memory of 2800 2864 vvjpd.exe 30 PID 2800 wrote to memory of 2736 2800 3hbnbn.exe 31 PID 2800 wrote to memory of 2736 2800 3hbnbn.exe 31 PID 2800 wrote to memory of 2736 2800 3hbnbn.exe 31 PID 2800 wrote to memory of 2736 2800 3hbnbn.exe 31 PID 2736 wrote to memory of 2608 2736 5ddvv.exe 32 PID 2736 wrote to memory of 2608 2736 5ddvv.exe 32 PID 2736 wrote to memory of 2608 2736 5ddvv.exe 32 PID 2736 wrote to memory of 2608 2736 5ddvv.exe 32 PID 2608 wrote to memory of 2764 2608 lrrfrff.exe 33 PID 2608 wrote to memory of 2764 2608 lrrfrff.exe 33 PID 2608 wrote to memory of 2764 2608 lrrfrff.exe 33 PID 2608 wrote to memory of 2764 2608 lrrfrff.exe 33 PID 2764 wrote to memory of 2668 2764 3bbthn.exe 34 PID 2764 wrote to memory of 2668 2764 3bbthn.exe 34 PID 2764 wrote to memory of 2668 2764 3bbthn.exe 34 PID 2764 wrote to memory of 2668 2764 3bbthn.exe 34 PID 2668 wrote to memory of 2504 2668 jvpjv.exe 35 PID 2668 wrote to memory of 2504 2668 jvpjv.exe 35 PID 2668 wrote to memory of 2504 2668 jvpjv.exe 35 PID 2668 wrote to memory of 2504 2668 jvpjv.exe 35 PID 2504 wrote to memory of 2956 2504 7fxfrxf.exe 36 PID 2504 wrote to memory of 2956 2504 7fxfrxf.exe 36 PID 2504 wrote to memory of 2956 2504 7fxfrxf.exe 36 PID 2504 wrote to memory of 2956 2504 7fxfrxf.exe 36 PID 2956 wrote to memory of 2224 2956 ntbhnt.exe 37 PID 2956 wrote to 
memory of 2224 2956 ntbhnt.exe 37 PID 2956 wrote to memory of 2224 2956 ntbhnt.exe 37 PID 2956 wrote to memory of 2224 2956 ntbhnt.exe 37 PID 2224 wrote to memory of 2164 2224 vpjvd.exe 38 PID 2224 wrote to memory of 2164 2224 vpjvd.exe 38 PID 2224 wrote to memory of 2164 2224 vpjvd.exe 38 PID 2224 wrote to memory of 2164 2224 vpjvd.exe 38 PID 2164 wrote to memory of 2568 2164 ffxfllr.exe 39 PID 2164 wrote to memory of 2568 2164 ffxfllr.exe 39 PID 2164 wrote to memory of 2568 2164 ffxfllr.exe 39 PID 2164 wrote to memory of 2568 2164 ffxfllr.exe 39 PID 2568 wrote to memory of 2176 2568 tbnnnn.exe 40 PID 2568 wrote to memory of 2176 2568 tbnnnn.exe 40 PID 2568 wrote to memory of 2176 2568 tbnnnn.exe 40 PID 2568 wrote to memory of 2176 2568 tbnnnn.exe 40 PID 2176 wrote to memory of 2000 2176 1dpjp.exe 41 PID 2176 wrote to memory of 2000 2176 1dpjp.exe 41 PID 2176 wrote to memory of 2000 2176 1dpjp.exe 41 PID 2176 wrote to memory of 2000 2176 1dpjp.exe 41 PID 2000 wrote to memory of 1644 2000 lfrxlfr.exe 42 PID 2000 wrote to memory of 1644 2000 lfrxlfr.exe 42 PID 2000 wrote to memory of 1644 2000 lfrxlfr.exe 42 PID 2000 wrote to memory of 1644 2000 lfrxlfr.exe 42 PID 1644 wrote to memory of 2472 1644 hbnbtt.exe 43 PID 1644 wrote to memory of 2472 1644 hbnbtt.exe 43 PID 1644 wrote to memory of 2472 1644 hbnbtt.exe 43 PID 1644 wrote to memory of 2472 1644 hbnbtt.exe 43 PID 2472 wrote to memory of 1648 2472 pdjjj.exe 44 PID 2472 wrote to memory of 1648 2472 pdjjj.exe 44 PID 2472 wrote to memory of 1648 2472 pdjjj.exe 44 PID 2472 wrote to memory of 1648 2472 pdjjj.exe 44
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe "C:\Users\Admin\AppData\Local\Temp\7f13963b7296a6f96dc5d95b2d5889319dabba0cbef9af1d830a2bbb1a7c9006.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\vvjpd.exec:\vvjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\3hbnbn.exec:\3hbnbn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\5ddvv.exec:\5ddvv.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\lrrfrff.exec:\lrrfrff.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\3bbthn.exec:\3bbthn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\jvpjv.exec:\jvpjv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\7fxfrxf.exec:\7fxfrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\ntbhnt.exec:\ntbhnt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\vpjvd.exec:\vpjvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2224 -
\??\c:\ffxfllr.exec:\ffxfllr.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2164 -
\??\c:\tbnnnn.exec:\tbnnnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\1dpjp.exec:\1dpjp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\lfrxlfr.exec:\lfrxlfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\hbnbtt.exec:\hbnbtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1644 -
\??\c:\pdjjj.exec:\pdjjj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\dvppv.exec:\dvppv.exe17⤵
- Executes dropped EXE
PID:1648 -
\??\c:\xfrxxfx.exec:\xfrxxfx.exe18⤵
- Executes dropped EXE
PID:1876 -
\??\c:\xrlxllx.exec:\xrlxllx.exe19⤵
- Executes dropped EXE
PID:2828 -
\??\c:\jdpdj.exec:\jdpdj.exe20⤵
- Executes dropped EXE
PID:2832 -
\??\c:\5frxlrr.exec:\5frxlrr.exe21⤵
- Executes dropped EXE
PID:2288 -
\??\c:\ffflrxf.exec:\ffflrxf.exe22⤵
- Executes dropped EXE
PID:2376 -
\??\c:\ttbhhb.exec:\ttbhhb.exe23⤵
- Executes dropped EXE
PID:572 -
\??\c:\jpddd.exec:\jpddd.exe24⤵
- Executes dropped EXE
PID:1108 -
\??\c:\rrxxxrf.exec:\rrxxxrf.exe25⤵
- Executes dropped EXE
PID:2812 -
\??\c:\btnbht.exec:\btnbht.exe26⤵
- Executes dropped EXE
PID:348 -
\??\c:\ddpjv.exec:\ddpjv.exe27⤵
- Executes dropped EXE
PID:2880 -
\??\c:\7rrlxxx.exec:\7rrlxxx.exe28⤵
- Executes dropped EXE
PID:1244 -
\??\c:\tnbtbn.exec:\tnbtbn.exe29⤵
- Executes dropped EXE
PID:2100 -
\??\c:\dpdjp.exec:\dpdjp.exe30⤵
- Executes dropped EXE
PID:2456 -
\??\c:\ppppp.exec:\ppppp.exe31⤵
- Executes dropped EXE
PID:876 -
\??\c:\lrrlxll.exec:\lrrlxll.exe32⤵
- Executes dropped EXE
PID:2992 -
\??\c:\nhbbhn.exec:\nhbbhn.exe33⤵
- Executes dropped EXE
PID:1544 -
\??\c:\pjjjv.exec:\pjjjv.exe34⤵
- Executes dropped EXE
PID:2592 -
\??\c:\rrflxrf.exec:\rrflxrf.exe35⤵
- Executes dropped EXE
PID:2644 -
\??\c:\llrlflr.exec:\llrlflr.exe36⤵
- Executes dropped EXE
PID:2728 -
\??\c:\hbbbth.exec:\hbbbth.exe37⤵
- Executes dropped EXE
PID:2116 -
\??\c:\jjddv.exec:\jjddv.exe38⤵
- Executes dropped EXE
PID:2636 -
\??\c:\rrfxlxl.exec:\rrfxlxl.exe39⤵
- Executes dropped EXE
PID:2664 -
\??\c:\5ffrflf.exec:\5ffrflf.exe40⤵
- Executes dropped EXE
PID:2532 -
\??\c:\hnbhhn.exec:\hnbhhn.exe41⤵
- Executes dropped EXE
PID:2672 -
\??\c:\pjvjv.exec:\pjvjv.exe42⤵
- Executes dropped EXE
PID:2512 -
\??\c:\pddpp.exec:\pddpp.exe43⤵
- Executes dropped EXE
PID:2584 -
\??\c:\thhttb.exec:\thhttb.exe44⤵
- Executes dropped EXE
PID:2392 -
\??\c:\vpjjj.exec:\vpjjj.exe45⤵
- Executes dropped EXE
PID:2956 -
\??\c:\9rxlrrr.exec:\9rxlrrr.exe46⤵
- Executes dropped EXE
PID:2208 -
\??\c:\xrrxllx.exec:\xrrxllx.exe47⤵
- Executes dropped EXE
PID:1884 -
\??\c:\1ttnnb.exec:\1ttnnb.exe48⤵
- Executes dropped EXE
PID:1724 -
\??\c:\ppdjj.exec:\ppdjj.exe49⤵
- Executes dropped EXE
PID:304 -
\??\c:\3jjpv.exec:\3jjpv.exe50⤵
- Executes dropped EXE
PID:628 -
\??\c:\rlfxrlx.exec:\rlfxrlx.exe51⤵
- Executes dropped EXE
PID:2008 -
\??\c:\nhnttb.exec:\nhnttb.exe52⤵
- Executes dropped EXE
PID:1804 -
\??\c:\3ttbtt.exec:\3ttbtt.exe53⤵
- Executes dropped EXE
PID:2312 -
\??\c:\9dppp.exec:\9dppp.exe54⤵
- Executes dropped EXE
PID:2836 -
\??\c:\xrrxrxl.exec:\xrrxrxl.exe55⤵
- Executes dropped EXE
PID:1648 -
\??\c:\9rfrfrf.exec:\9rfrfrf.exe56⤵
- Executes dropped EXE
PID:1876 -
\??\c:\3bhhtb.exec:\3bhhtb.exe57⤵
- Executes dropped EXE
PID:2840 -
\??\c:\hhnhbn.exec:\hhnhbn.exe58⤵
- Executes dropped EXE
PID:1028 -
\??\c:\ppppd.exec:\ppppd.exe59⤵
- Executes dropped EXE
PID:2488 -
\??\c:\rxrxxfl.exec:\rxrxxfl.exe60⤵
- Executes dropped EXE
PID:2604 -
\??\c:\ttnthn.exec:\ttnthn.exe61⤵
- Executes dropped EXE
PID:2332 -
\??\c:\5ttnht.exec:\5ttnht.exe62⤵
- Executes dropped EXE
PID:1484 -
\??\c:\ddpvp.exec:\ddpvp.exe63⤵
- Executes dropped EXE
PID:1996 -
\??\c:\vvpdp.exec:\vvpdp.exe64⤵
- Executes dropped EXE
PID:1560 -
\??\c:\rxxlrxr.exec:\rxxlrxr.exe65⤵
- Executes dropped EXE
PID:2476 -
\??\c:\bbnnnn.exec:\bbnnnn.exe66⤵PID:2004
-
\??\c:\5nnbbh.exec:\5nnbbh.exe67⤵PID:1508
-
\??\c:\vjdpv.exec:\vjdpv.exe68⤵PID:1704
-
\??\c:\ffrfxfr.exec:\ffrfxfr.exe69⤵PID:2984
-
\??\c:\ttntnt.exec:\ttntnt.exe70⤵PID:2072
-
\??\c:\htttbh.exec:\htttbh.exe71⤵PID:2172
-
\??\c:\vjjdd.exec:\vjjdd.exe72⤵PID:800
-
\??\c:\rrxflxl.exec:\rrxflxl.exe73⤵PID:1680
-
\??\c:\xrxllxl.exec:\xrxllxl.exe74⤵PID:2856
-
\??\c:\nntnhn.exec:\nntnhn.exe75⤵PID:1708
-
\??\c:\dpddp.exec:\dpddp.exe76⤵PID:2716
-
\??\c:\pvvpd.exec:\pvvpd.exe77⤵PID:2800
-
\??\c:\ffxfrfr.exec:\ffxfrfr.exe78⤵PID:3024
-
\??\c:\tbhbhh.exec:\tbhbhh.exe79⤵PID:3044
-
\??\c:\vjjvp.exec:\vjjvp.exe80⤵PID:2608
-
\??\c:\jvjpj.exec:\jvjpj.exe81⤵PID:2536
-
\??\c:\9lxrflr.exec:\9lxrflr.exe82⤵PID:2760
-
\??\c:\lfrlxfr.exec:\lfrlxfr.exe83⤵PID:2668
-
\??\c:\hnbtbt.exec:\hnbtbt.exe84⤵PID:2788
-
\??\c:\jdpjj.exec:\jdpjj.exe85⤵PID:2196
-
\??\c:\fxrxxff.exec:\fxrxxff.exe86⤵PID:1940
-
\??\c:\ffllxfr.exec:\ffllxfr.exe87⤵PID:1920
-
\??\c:\bthttn.exec:\bthttn.exe88⤵PID:2164
-
\??\c:\vjpdj.exec:\vjpdj.exe89⤵PID:1552
-
\??\c:\dvpvd.exec:\dvpvd.exe90⤵PID:1440
-
\??\c:\1rrxfrf.exec:\1rrxfrf.exe91⤵PID:2416
-
\??\c:\hbhhth.exec:\hbhhth.exe92⤵PID:2404
-
\??\c:\9nhhth.exec:\9nhhth.exe93⤵PID:1652
-
\??\c:\pdpvd.exec:\pdpvd.exe94⤵PID:2472
-
\??\c:\ppjpd.exec:\ppjpd.exe95⤵PID:1892
-
\??\c:\xllxflf.exec:\xllxflf.exe96⤵PID:2148
-
\??\c:\bhthbn.exec:\bhthbn.exe97⤵PID:2952
-
\??\c:\bbbthh.exec:\bbbthh.exe98⤵PID:2380
-
\??\c:\dpvpv.exec:\dpvpv.exe99⤵PID:2832
-
\??\c:\fxrfrxl.exec:\fxrfrxl.exe100⤵PID:2288
-
\??\c:\thhnbn.exec:\thhnbn.exe101⤵PID:788
-
\??\c:\bnhhth.exec:\bnhhth.exe102⤵PID:692
-
\??\c:\5dpvd.exec:\5dpvd.exe103⤵PID:832
-
\??\c:\rxlxfrf.exec:\rxlxfrf.exe104⤵PID:1108
-
\??\c:\3xxlrxr.exec:\3xxlrxr.exe105⤵PID:2812
-
\??\c:\hbbnnb.exec:\hbbnnb.exe106⤵PID:2232
-
\??\c:\vjdjv.exec:\vjdjv.exe107⤵PID:328
-
\??\c:\tbhbnh.exec:\tbhbnh.exe108⤵PID:1776
-
\??\c:\pjpvp.exec:\pjpvp.exe109⤵PID:2444
-
\??\c:\llxllrf.exec:\llxllrf.exe110⤵PID:2100
-
\??\c:\xxxlxfl.exec:\xxxlxfl.exe111⤵PID:1732
-
\??\c:\tbnbbt.exec:\tbnbbt.exe112⤵PID:2924
-
\??\c:\ddjvj.exec:\ddjvj.exe113⤵PID:2468
-
\??\c:\jpjdv.exec:\jpjdv.exe114⤵PID:1260
-
\??\c:\xrxlxlx.exec:\xrxlxlx.exe115⤵PID:1580
-
\??\c:\nbnbnb.exec:\nbnbnb.exe116⤵PID:2600
-
\??\c:\5tbnnt.exec:\5tbnnt.exe117⤵PID:3028
-
\??\c:\ppvdd.exec:\ppvdd.exe118⤵PID:2660
-
\??\c:\lfxlrfx.exec:\lfxlrfx.exe119⤵PID:2872
-
\??\c:\rrlrlrx.exec:\rrlrlrx.exe120⤵PID:2744
-
\??\c:\tbbbtb.exec:\tbbbtb.exe121⤵PID:2664
-
\??\c:\vjvdp.exec:\vjvdp.exe122⤵PID:2768
-