Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
24-05-2024 19:58
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe
Resource
win7-20240221-en
windows7-x64
5 signatures
150 seconds
General
-
Target
239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe
-
Size
122KB
-
MD5
0acb514e6baa9b09bf85cdcd364881bb
-
SHA1
092a2df9dba16508aecf60fb99deb0e2334612b7
-
SHA256
239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d
-
SHA512
cdbdc46bd473b908b0b420f0313366d43769028f42ecacb8a2860ed391591f5c17b2f93f9ec92646a2b5f902be4ad68b68c4fc41a02a9d7be038fcf0c888e82e
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX90Ifcp:n3C9BRW0j/uVEZFmIkp
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
resource yara_rule behavioral2/memory/1624-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1624-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4808-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4808-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3248-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2852-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1064-40-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1692-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2132-51-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1972-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3296-65-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3432-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5096-80-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2212-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3096-101-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1272-107-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4164-114-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4596-119-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1492-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1564-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2968-137-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/4988-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1932-172-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3784-179-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4144-190-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2768-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3580-210-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4808 jdppv.exe 3248 rxfrllx.exe 2852 5llfxxr.exe 1064 hnhbbb.exe 1692 lxfxxlr.exe 2132 htttnn.exe 1972 jddvp.exe 3296 jjvpj.exe 3432 tbbttt.exe 5096 3bbtnn.exe 2212 3vdvv.exe 2184 xxrlffx.exe 3096 bbtnnn.exe 1272 dppjj.exe 4164 xrxrlfx.exe 4596 5nnhbb.exe 1492 dvdpv.exe 1564 ppdvj.exe 2968 xrxxrxx.exe 4868 3hnhbb.exe 3816 7vvpp.exe 3724 pppjd.exe 4988 rxllxlf.exe 1160 tnnhnn.exe 1932 9pddp.exe 3784 rrllffx.exe 2388 nhtnhh.exe 4144 vjjdv.exe 2768 ppjjv.exe 2856 rflxrrf.exe 3580 tnnbhb.exe 3756 djpvj.exe 4560 7dpvj.exe 3744 3xfxllr.exe 4480 rxffxll.exe 2452 bnbbbb.exe 4612 hthbbb.exe 1708 dpjdj.exe 2160 vvpvp.exe 1616 xxxxxxr.exe 1080 7fllfff.exe 4028 nhhbtt.exe 456 hhtnhh.exe 3508 pdjdv.exe 3464 jdvjj.exe 228 fxrlflf.exe 1164 frlfxxr.exe 848 lfrrxxf.exe 2876 bbhbtt.exe 2012 tbnhbb.exe 3116 pjjdv.exe 4296 llffrrr.exe 5076 lrxfxxr.exe 1144 tbhhbb.exe 3184 9nnhbb.exe 1272 jjdvp.exe 4796 jvdjp.exe 4656 rxllfll.exe 3956 hbhbbb.exe 1132 dvvpd.exe 4396 9fflfff.exe 4960 9rrrlrl.exe 3492 ttbbtb.exe 1072 dvjdd.exe -
resource yara_rule behavioral2/memory/1624-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1624-10-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4808-12-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4808-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3248-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2852-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1064-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1064-34-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1064-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1064-40-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1692-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2132-51-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1972-57-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3296-65-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3432-71-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3432-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5096-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2212-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3096-101-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1272-107-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4164-114-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4596-119-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1492-127-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1564-134-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/2968-137-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4988-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1932-172-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3784-179-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4144-190-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2768-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3580-210-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1624 wrote to memory of 4808 1624 239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe 83 PID 1624 wrote to memory of 4808 1624 239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe 83 PID 1624 wrote to memory of 4808 1624 239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe 83 PID 4808 wrote to memory of 3248 4808 jdppv.exe 84 PID 4808 wrote to memory of 3248 4808 jdppv.exe 84 PID 4808 wrote to memory of 3248 4808 jdppv.exe 84 PID 3248 wrote to memory of 2852 3248 rxfrllx.exe 85 PID 3248 wrote to memory of 2852 3248 rxfrllx.exe 85 PID 3248 wrote to memory of 2852 3248 rxfrllx.exe 85 PID 2852 wrote to memory of 1064 2852 5llfxxr.exe 86 PID 2852 wrote to memory of 1064 2852 5llfxxr.exe 86 PID 2852 wrote to memory of 1064 2852 5llfxxr.exe 86 PID 1064 wrote to memory of 1692 1064 hnhbbb.exe 87 PID 1064 wrote to memory of 1692 1064 hnhbbb.exe 87 PID 1064 wrote to memory of 1692 1064 hnhbbb.exe 87 PID 1692 wrote to memory of 2132 1692 lxfxxlr.exe 88 PID 1692 wrote to memory of 2132 1692 lxfxxlr.exe 88 PID 1692 wrote to memory of 2132 1692 lxfxxlr.exe 88 PID 2132 wrote to memory of 1972 2132 htttnn.exe 89 PID 2132 wrote to memory of 1972 2132 htttnn.exe 89 PID 2132 wrote to memory of 1972 2132 htttnn.exe 89 PID 1972 wrote to memory of 3296 1972 jddvp.exe 90 PID 1972 wrote to memory of 3296 1972 jddvp.exe 90 PID 1972 wrote to memory of 3296 1972 jddvp.exe 90 PID 3296 wrote to memory of 3432 3296 jjvpj.exe 91 PID 3296 wrote to memory of 3432 3296 jjvpj.exe 91 PID 3296 wrote to memory of 3432 3296 jjvpj.exe 91 PID 3432 wrote to memory of 5096 3432 tbbttt.exe 92 PID 3432 wrote to memory of 5096 3432 tbbttt.exe 92 PID 3432 wrote to memory of 5096 3432 tbbttt.exe 92 PID 5096 wrote to memory of 2212 5096 3bbtnn.exe 93 PID 5096 wrote to memory of 2212 5096 3bbtnn.exe 93 PID 5096 wrote to memory of 2212 5096 3bbtnn.exe 93 PID 2212 wrote to memory of 2184 2212 3vdvv.exe 94 PID 2212 wrote to 
memory of 2184 2212 3vdvv.exe 94 PID 2212 wrote to memory of 2184 2212 3vdvv.exe 94 PID 2184 wrote to memory of 3096 2184 xxrlffx.exe 95 PID 2184 wrote to memory of 3096 2184 xxrlffx.exe 95 PID 2184 wrote to memory of 3096 2184 xxrlffx.exe 95 PID 3096 wrote to memory of 1272 3096 bbtnnn.exe 96 PID 3096 wrote to memory of 1272 3096 bbtnnn.exe 96 PID 3096 wrote to memory of 1272 3096 bbtnnn.exe 96 PID 1272 wrote to memory of 4164 1272 dppjj.exe 97 PID 1272 wrote to memory of 4164 1272 dppjj.exe 97 PID 1272 wrote to memory of 4164 1272 dppjj.exe 97 PID 4164 wrote to memory of 4596 4164 xrxrlfx.exe 98 PID 4164 wrote to memory of 4596 4164 xrxrlfx.exe 98 PID 4164 wrote to memory of 4596 4164 xrxrlfx.exe 98 PID 4596 wrote to memory of 1492 4596 5nnhbb.exe 100 PID 4596 wrote to memory of 1492 4596 5nnhbb.exe 100 PID 4596 wrote to memory of 1492 4596 5nnhbb.exe 100 PID 1492 wrote to memory of 1564 1492 dvdpv.exe 101 PID 1492 wrote to memory of 1564 1492 dvdpv.exe 101 PID 1492 wrote to memory of 1564 1492 dvdpv.exe 101 PID 1564 wrote to memory of 2968 1564 ppdvj.exe 102 PID 1564 wrote to memory of 2968 1564 ppdvj.exe 102 PID 1564 wrote to memory of 2968 1564 ppdvj.exe 102 PID 2968 wrote to memory of 4868 2968 xrxxrxx.exe 103 PID 2968 wrote to memory of 4868 2968 xrxxrxx.exe 103 PID 2968 wrote to memory of 4868 2968 xrxxrxx.exe 103 PID 4868 wrote to memory of 3816 4868 3hnhbb.exe 105 PID 4868 wrote to memory of 3816 4868 3hnhbb.exe 105 PID 4868 wrote to memory of 3816 4868 3hnhbb.exe 105 PID 3816 wrote to memory of 3724 3816 7vvpp.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe "C:\Users\Admin\AppData\Local\Temp\239210abc4256bc3a364e247df25e2acc30623eec22827ea6413adcdc257fb0d.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\jdppv.exec:\jdppv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4808 -
\??\c:\rxfrllx.exec:\rxfrllx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3248 -
\??\c:\5llfxxr.exec:\5llfxxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2852 -
\??\c:\hnhbbb.exec:\hnhbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1064 -
\??\c:\lxfxxlr.exec:\lxfxxlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\htttnn.exec:\htttnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\jddvp.exec:\jddvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1972 -
\??\c:\jjvpj.exec:\jjvpj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3296 -
\??\c:\tbbttt.exec:\tbbttt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3432 -
\??\c:\3bbtnn.exec:\3bbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
\??\c:\3vdvv.exec:\3vdvv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\xxrlffx.exec:\xxrlffx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\bbtnnn.exec:\bbtnnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3096 -
\??\c:\dppjj.exec:\dppjj.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1272 -
\??\c:\xrxrlfx.exec:\xrxrlfx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4164 -
\??\c:\5nnhbb.exec:\5nnhbb.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4596 -
\??\c:\dvdpv.exec:\dvdpv.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1492 -
\??\c:\ppdvj.exec:\ppdvj.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\xrxxrxx.exec:\xrxxrxx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\3hnhbb.exec:\3hnhbb.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4868 -
\??\c:\7vvpp.exec:\7vvpp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3816 -
\??\c:\pppjd.exec:\pppjd.exe23⤵
- Executes dropped EXE
PID:3724 -
\??\c:\rxllxlf.exec:\rxllxlf.exe24⤵
- Executes dropped EXE
PID:4988 -
\??\c:\tnnhnn.exec:\tnnhnn.exe25⤵
- Executes dropped EXE
PID:1160 -
\??\c:\9pddp.exec:\9pddp.exe26⤵
- Executes dropped EXE
PID:1932 -
\??\c:\rrllffx.exec:\rrllffx.exe27⤵
- Executes dropped EXE
PID:3784 -
\??\c:\nhtnhh.exec:\nhtnhh.exe28⤵
- Executes dropped EXE
PID:2388 -
\??\c:\vjjdv.exec:\vjjdv.exe29⤵
- Executes dropped EXE
PID:4144 -
\??\c:\ppjjv.exec:\ppjjv.exe30⤵
- Executes dropped EXE
PID:2768 -
\??\c:\rflxrrf.exec:\rflxrrf.exe31⤵
- Executes dropped EXE
PID:2856 -
\??\c:\tnnbhb.exec:\tnnbhb.exe32⤵
- Executes dropped EXE
PID:3580 -
\??\c:\djpvj.exec:\djpvj.exe33⤵
- Executes dropped EXE
PID:3756 -
\??\c:\7dpvj.exec:\7dpvj.exe34⤵
- Executes dropped EXE
PID:4560 -
\??\c:\3xfxllr.exec:\3xfxllr.exe35⤵
- Executes dropped EXE
PID:3744 -
\??\c:\rxffxll.exec:\rxffxll.exe36⤵
- Executes dropped EXE
PID:4480 -
\??\c:\bnbbbb.exec:\bnbbbb.exe37⤵
- Executes dropped EXE
PID:2452 -
\??\c:\hthbbb.exec:\hthbbb.exe38⤵
- Executes dropped EXE
PID:4612 -
\??\c:\dpjdj.exec:\dpjdj.exe39⤵
- Executes dropped EXE
PID:1708 -
\??\c:\vvpvp.exec:\vvpvp.exe40⤵
- Executes dropped EXE
PID:2160 -
\??\c:\xxxxxxr.exec:\xxxxxxr.exe41⤵
- Executes dropped EXE
PID:1616 -
\??\c:\7fllfff.exec:\7fllfff.exe42⤵
- Executes dropped EXE
PID:1080 -
\??\c:\nhhbtt.exec:\nhhbtt.exe43⤵
- Executes dropped EXE
PID:4028 -
\??\c:\hhtnhh.exec:\hhtnhh.exe44⤵
- Executes dropped EXE
PID:456 -
\??\c:\pdjdv.exec:\pdjdv.exe45⤵
- Executes dropped EXE
PID:3508 -
\??\c:\jdvjj.exec:\jdvjj.exe46⤵
- Executes dropped EXE
PID:3464 -
\??\c:\fxrlflf.exec:\fxrlflf.exe47⤵
- Executes dropped EXE
PID:228 -
\??\c:\frlfxxr.exec:\frlfxxr.exe48⤵
- Executes dropped EXE
PID:1164 -
\??\c:\lfrrxxf.exec:\lfrrxxf.exe49⤵
- Executes dropped EXE
PID:848 -
\??\c:\bbhbtt.exec:\bbhbtt.exe50⤵
- Executes dropped EXE
PID:2876 -
\??\c:\tbnhbb.exec:\tbnhbb.exe51⤵
- Executes dropped EXE
PID:2012 -
\??\c:\pjjdv.exec:\pjjdv.exe52⤵
- Executes dropped EXE
PID:3116 -
\??\c:\llffrrr.exec:\llffrrr.exe53⤵
- Executes dropped EXE
PID:4296 -
\??\c:\lrxfxxr.exec:\lrxfxxr.exe54⤵
- Executes dropped EXE
PID:5076 -
\??\c:\tbhhbb.exec:\tbhhbb.exe55⤵
- Executes dropped EXE
PID:1144 -
\??\c:\9nnhbb.exec:\9nnhbb.exe56⤵
- Executes dropped EXE
PID:3184 -
\??\c:\jjdvp.exec:\jjdvp.exe57⤵
- Executes dropped EXE
PID:1272 -
\??\c:\jvdjp.exec:\jvdjp.exe58⤵
- Executes dropped EXE
PID:4796 -
\??\c:\rxllfll.exec:\rxllfll.exe59⤵
- Executes dropped EXE
PID:4656 -
\??\c:\hbhbbb.exec:\hbhbbb.exe60⤵
- Executes dropped EXE
PID:3956 -
\??\c:\dvvpd.exec:\dvvpd.exe61⤵
- Executes dropped EXE
PID:1132 -
\??\c:\9fflfff.exec:\9fflfff.exe62⤵
- Executes dropped EXE
PID:4396 -
\??\c:\9rrrlrl.exec:\9rrrlrl.exe63⤵
- Executes dropped EXE
PID:4960 -
\??\c:\ttbbtb.exec:\ttbbtb.exe64⤵
- Executes dropped EXE
PID:3492 -
\??\c:\dvjdd.exec:\dvjdd.exe65⤵
- Executes dropped EXE
PID:1072 -
\??\c:\dvdvv.exec:\dvdvv.exe66⤵PID:5052
-
\??\c:\dvjdv.exec:\dvjdv.exe67⤵PID:3724
-
\??\c:\flrrllx.exec:\flrrllx.exe68⤵PID:2140
-
\??\c:\5hbbbh.exec:\5hbbbh.exe69⤵PID:1420
-
\??\c:\nbnttt.exec:\nbnttt.exe70⤵PID:4256
-
\??\c:\jdvpp.exec:\jdvpp.exe71⤵PID:2756
-
\??\c:\pjvvp.exec:\pjvvp.exe72⤵PID:552
-
\??\c:\frrlfrl.exec:\frrlfrl.exe73⤵PID:2904
-
\??\c:\llxrrxf.exec:\llxrrxf.exe74⤵PID:1228
-
\??\c:\nhnnhn.exec:\nhnnhn.exe75⤵PID:4316
-
\??\c:\ntnhbt.exec:\ntnhbt.exe76⤵PID:2348
-
\??\c:\pjjpj.exec:\pjjpj.exe77⤵PID:5036
-
\??\c:\vvdvv.exec:\vvdvv.exe78⤵PID:1900
-
\??\c:\rxrfrlx.exec:\rxrfrlx.exe79⤵PID:3756
-
\??\c:\bbtntn.exec:\bbtntn.exe80⤵PID:1660
-
\??\c:\jpvpj.exec:\jpvpj.exe81⤵PID:4416
-
\??\c:\9xxrffx.exec:\9xxrffx.exe82⤵PID:3124
-
\??\c:\7rllxxr.exec:\7rllxxr.exe83⤵PID:1884
-
\??\c:\5tnnhh.exec:\5tnnhh.exe84⤵PID:4808
-
\??\c:\7tbtnn.exec:\7tbtnn.exe85⤵PID:3316
-
\??\c:\dvppd.exec:\dvppd.exe86⤵PID:1540
-
\??\c:\vvvpj.exec:\vvvpj.exe87⤵PID:8
-
\??\c:\lxffxff.exec:\lxffxff.exe88⤵PID:1712
-
\??\c:\xffffff.exec:\xffffff.exe89⤵PID:1468
-
\??\c:\1hnhnt.exec:\1hnhnt.exe90⤵PID:3688
-
\??\c:\ppvpj.exec:\ppvpj.exe91⤵PID:3276
-
\??\c:\jpvpd.exec:\jpvpd.exe92⤵PID:2692
-
\??\c:\7lrrlll.exec:\7lrrlll.exe93⤵PID:1484
-
\??\c:\llllxxx.exec:\llllxxx.exe94⤵PID:4324
-
\??\c:\nhhbtt.exec:\nhhbtt.exe95⤵PID:2352
-
\??\c:\tthhtt.exec:\tthhtt.exe96⤵PID:2252
-
\??\c:\vpdjd.exec:\vpdjd.exe97⤵PID:2212
-
\??\c:\xxrrlll.exec:\xxrrlll.exe98⤵PID:2184
-
\??\c:\xfffxxx.exec:\xfffxxx.exe99⤵PID:4456
-
\??\c:\nhbtnn.exec:\nhbtnn.exe100⤵PID:4724
-
\??\c:\nnnhtt.exec:\nnnhtt.exe101⤵PID:3184
-
\??\c:\dpvvp.exec:\dpvvp.exe102⤵PID:1272
-
\??\c:\dvjdj.exec:\dvjdj.exe103⤵PID:4596
-
\??\c:\lfflfxf.exec:\lfflfxf.exe104⤵PID:4568
-
\??\c:\frxrrll.exec:\frxrrll.exe105⤵PID:3136
-
\??\c:\bttntn.exec:\bttntn.exe106⤵PID:2264
-
\??\c:\ththnn.exec:\ththnn.exe107⤵PID:3396
-
\??\c:\tnbbnn.exec:\tnbbnn.exe108⤵PID:1716
-
\??\c:\jdpjj.exec:\jdpjj.exe109⤵PID:3752
-
\??\c:\9pjdv.exec:\9pjdv.exe110⤵PID:1128
-
\??\c:\rlxrxrf.exec:\rlxrxrf.exe111⤵PID:1536
-
\??\c:\lfxxrrr.exec:\lfxxrrr.exe112⤵PID:2332
-
\??\c:\bnnbtn.exec:\bnnbtn.exe113⤵PID:3388
-
\??\c:\bhbbnn.exec:\bhbbnn.exe114⤵PID:1932
-
\??\c:\vvvpj.exec:\vvvpj.exe115⤵PID:3476
-
\??\c:\5rffffx.exec:\5rffffx.exe116⤵PID:4716
-
\??\c:\xllfrrl.exec:\xllfrrl.exe117⤵PID:4404
-
\??\c:\thbbtt.exec:\thbbtt.exe118⤵PID:2304
-
\??\c:\vpjdd.exec:\vpjdd.exe119⤵PID:3256
-
\??\c:\3jpjv.exec:\3jpjv.exe120⤵PID:1960
-
\??\c:\rrrlrrx.exec:\rrrlrrx.exe121⤵PID:2788
-
\??\c:\ntbbhh.exec:\ntbbhh.exe122⤵PID:1328
-