Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
21-06-2024 02:27
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
b1b0ea9272835bd5666d3914796472be37a6a10605e8753f4c38680797c919be.exe
Resource
win7-20240611-en
5 signatures
150 seconds
General
-
Target
b1b0ea9272835bd5666d3914796472be37a6a10605e8753f4c38680797c919be.exe
-
Size
96KB
-
MD5
4c51753f17510737a49047e8d787bfd7
-
SHA1
3e5f347ba5b85928b5a5bd90b2201cf1d4632cb2
-
SHA256
b1b0ea9272835bd5666d3914796472be37a6a10605e8753f4c38680797c919be
-
SHA512
aaf32cd4dd5c24e4d17d33e7cd4527b74d270cd32465d7bb7a88a4458b81a8ad783e4e28c6355c6cf93e29be66887f8b579f213cefc791ff368d0f59c216a6a9
-
SSDEEP
3072:ymb3NkkiQ3mdBjFo73PYP1lri3KuOnrAsmY:n3C9BRo7MlrWKujsmY
Malware Config
Signatures
-
Detect Blackmoon payload 20 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b1b0ea9272835bd5666d3914796472be37a6a10605e8753f4c38680797c919be.exe"C:\Users\Admin\AppData\Local\Temp\b1b0ea9272835bd5666d3914796472be37a6a10605e8753f4c38680797c919be.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\bbnthh.exec:\bbnthh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\pjpvj.exec:\pjpvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1728 -
\??\c:\3bhnnt.exec:\3bhnnt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064 -
\??\c:\5jjpd.exec:\5jjpd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\fxllxxl.exec:\fxllxxl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\bbhnbt.exec:\bbhnbt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
\??\c:\pjpvp.exec:\pjpvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2172 -
\??\c:\dvdvj.exec:\dvdvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\tthnhh.exec:\tthnhh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\thtbhb.exec:\thtbhb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1264 -
\??\c:\pvpjd.exec:\pvpjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\xrlxllr.exec:\xrlxllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1852 -
\??\c:\nhttnn.exec:\nhttnn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1920 -
\??\c:\djddd.exec:\djddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2044 -
\??\c:\lfflxfl.exec:\lfflxfl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1340 -
\??\c:\xrfxrrx.exec:\xrfxrrx.exe17⤵
- Executes dropped EXE
PID:1860 -
\??\c:\1tnbbt.exec:\1tnbbt.exe18⤵
- Executes dropped EXE
PID:1780 -
\??\c:\jvdvd.exec:\jvdvd.exe19⤵
- Executes dropped EXE
PID:2864 -
\??\c:\vpjpv.exec:\vpjpv.exe20⤵
- Executes dropped EXE
PID:1756 -
\??\c:\lfxfllx.exec:\lfxfllx.exe21⤵
- Executes dropped EXE
PID:2232 -
\??\c:\7bhntt.exec:\7bhntt.exe22⤵
- Executes dropped EXE
PID:2288 -
\??\c:\vpdvv.exec:\vpdvv.exe23⤵
- Executes dropped EXE
PID:264 -
\??\c:\xxlrllx.exec:\xxlrllx.exe24⤵
- Executes dropped EXE
PID:1484 -
\??\c:\thbnhn.exec:\thbnhn.exe25⤵
- Executes dropped EXE
PID:2004 -
\??\c:\1nbhbh.exec:\1nbhbh.exe26⤵
- Executes dropped EXE
PID:652 -
\??\c:\pvpjv.exec:\pvpjv.exe27⤵
- Executes dropped EXE
PID:1972 -
\??\c:\rrffrfl.exec:\rrffrfl.exe28⤵
- Executes dropped EXE
PID:1956 -
\??\c:\tnthnt.exec:\tnthnt.exe29⤵
- Executes dropped EXE
PID:2148 -
\??\c:\1pppv.exec:\1pppv.exe30⤵
- Executes dropped EXE
PID:780 -
\??\c:\7jvvd.exec:\7jvvd.exe31⤵
- Executes dropped EXE
PID:2268 -
\??\c:\lxrxlll.exec:\lxrxlll.exe32⤵
- Executes dropped EXE
PID:876 -
\??\c:\hbbtbt.exec:\hbbtbt.exe33⤵
- Executes dropped EXE
PID:2452 -
\??\c:\1lxxffr.exec:\1lxxffr.exe34⤵
- Executes dropped EXE
PID:1720 -
\??\c:\xrlrxxl.exec:\xrlrxxl.exe35⤵
- Executes dropped EXE
PID:3044 -
\??\c:\7hbhtb.exec:\7hbhtb.exe36⤵
- Executes dropped EXE
PID:2812 -
\??\c:\btthtb.exec:\btthtb.exe37⤵
- Executes dropped EXE
PID:344 -
\??\c:\vpjpd.exec:\vpjpd.exe38⤵
- Executes dropped EXE
PID:2728 -
\??\c:\9jjpv.exec:\9jjpv.exe39⤵
- Executes dropped EXE
PID:2392 -
\??\c:\lfxfllx.exec:\lfxfllx.exe40⤵
- Executes dropped EXE
PID:2644 -
\??\c:\xffrfrr.exec:\xffrfrr.exe41⤵
- Executes dropped EXE
PID:2800 -
\??\c:\bbthnn.exec:\bbthnn.exe42⤵
- Executes dropped EXE
PID:3012 -
\??\c:\5ddvv.exec:\5ddvv.exe43⤵
- Executes dropped EXE
PID:2696 -
\??\c:\vpddd.exec:\vpddd.exe44⤵
- Executes dropped EXE
PID:2540 -
\??\c:\rlffrfl.exec:\rlffrfl.exe45⤵
- Executes dropped EXE
PID:2428 -
\??\c:\thhtth.exec:\thhtth.exe46⤵
- Executes dropped EXE
PID:2976 -
\??\c:\hhnbhb.exec:\hhnbhb.exe47⤵
- Executes dropped EXE
PID:1432 -
\??\c:\ppjvv.exec:\ppjvv.exe48⤵
- Executes dropped EXE
PID:2776 -
\??\c:\fffrrlr.exec:\fffrrlr.exe49⤵
- Executes dropped EXE
PID:2328 -
\??\c:\5ffrrrf.exec:\5ffrrrf.exe50⤵
- Executes dropped EXE
PID:1892 -
\??\c:\hbtbhh.exec:\hbtbhh.exe51⤵
- Executes dropped EXE
PID:2196 -
\??\c:\ddvdj.exec:\ddvdj.exe52⤵
- Executes dropped EXE
PID:1304 -
\??\c:\vvjvv.exec:\vvjvv.exe53⤵
- Executes dropped EXE
PID:1916 -
\??\c:\lfrxllx.exec:\lfrxllx.exe54⤵
- Executes dropped EXE
PID:1848 -
\??\c:\1xrflrl.exec:\1xrflrl.exe55⤵
- Executes dropped EXE
PID:2160 -
\??\c:\tthnbh.exec:\tthnbh.exe56⤵
- Executes dropped EXE
PID:1828 -
\??\c:\tnnthn.exec:\tnnthn.exe57⤵
- Executes dropped EXE
PID:2616 -
\??\c:\7pjpd.exec:\7pjpd.exe58⤵
- Executes dropped EXE
PID:1760 -
\??\c:\vvvdp.exec:\vvvdp.exe59⤵
- Executes dropped EXE
PID:2020 -
\??\c:\fxlrfrf.exec:\fxlrfrf.exe60⤵
- Executes dropped EXE
PID:2916 -
\??\c:\rrfxrxl.exec:\rrfxrxl.exe61⤵
- Executes dropped EXE
PID:596 -
\??\c:\ttbbhb.exec:\ttbbhb.exe62⤵
- Executes dropped EXE
PID:2288 -
\??\c:\5nnthh.exec:\5nnthh.exe63⤵
- Executes dropped EXE
PID:264 -
\??\c:\vjdpv.exec:\vjdpv.exe64⤵
- Executes dropped EXE
PID:2388 -
\??\c:\vvvvj.exec:\vvvvj.exe65⤵
- Executes dropped EXE
PID:1644 -
\??\c:\5vpdd.exec:\5vpdd.exe66⤵PID:1944
-
\??\c:\rrlxlrf.exec:\rrlxlrf.exe67⤵PID:2456
-
\??\c:\xxrfllx.exec:\xxrfllx.exe68⤵PID:760
-
\??\c:\1tnhth.exec:\1tnhth.exe69⤵PID:1032
-
\??\c:\nbbbbn.exec:\nbbbbn.exe70⤵PID:2996
-
\??\c:\dvpdp.exec:\dvpdp.exe71⤵PID:2368
-
\??\c:\ppvvd.exec:\ppvvd.exe72⤵PID:2480
-
\??\c:\vpjpd.exec:\vpjpd.exe73⤵PID:2268
-
\??\c:\llfflrl.exec:\llfflrl.exe74⤵PID:1928
-
\??\c:\frrfxff.exec:\frrfxff.exe75⤵PID:1624
-
\??\c:\9bbhbh.exec:\9bbhbh.exe76⤵PID:1560
-
\??\c:\1thbtn.exec:\1thbtn.exe77⤵PID:2604
-
\??\c:\vpjpp.exec:\vpjpp.exe78⤵PID:1244
-
\??\c:\vpdjp.exec:\vpdjp.exe79⤵PID:2648
-
\??\c:\rlflxfx.exec:\rlflxfx.exe80⤵PID:2908
-
\??\c:\rrllxlx.exec:\rrllxlx.exe81⤵PID:2788
-
\??\c:\bbnhnn.exec:\bbnhnn.exe82⤵PID:2892
-
\??\c:\5nhhht.exec:\5nhhht.exe83⤵PID:2548
-
\??\c:\vvvvv.exec:\vvvvv.exe84⤵PID:2684
-
\??\c:\vpdpd.exec:\vpdpd.exe85⤵PID:2524
-
\??\c:\dddjp.exec:\dddjp.exe86⤵PID:2432
-
\??\c:\ffrxrxl.exec:\ffrxrxl.exe87⤵PID:2564
-
\??\c:\rxxxfll.exec:\rxxxfll.exe88⤵PID:1900
-
\??\c:\9bhntb.exec:\9bhntb.exe89⤵PID:2588
-
\??\c:\hbnnbb.exec:\hbnnbb.exe90⤵PID:2716
-
\??\c:\5dvvd.exec:\5dvvd.exe91⤵PID:2216
-
\??\c:\vvdvj.exec:\vvdvj.exe92⤵PID:1852
-
\??\c:\xxfflrx.exec:\xxfflrx.exe93⤵PID:1128
-
\??\c:\lrflrrl.exec:\lrflrrl.exe94⤵PID:1680
-
\??\c:\nbbbhh.exec:\nbbbhh.exe95⤵PID:1636
-
\??\c:\hbhnnt.exec:\hbhnnt.exe96⤵PID:2180
-
\??\c:\3jjdv.exec:\3jjdv.exe97⤵PID:1048
-
\??\c:\rlrrxfl.exec:\rlrrxfl.exe98⤵PID:1780
-
\??\c:\rlxfxfr.exec:\rlxfxfr.exe99⤵PID:2872
-
\??\c:\7thbbt.exec:\7thbbt.exe100⤵PID:2120
-
\??\c:\hthhtt.exec:\hthhtt.exe101⤵PID:2924
-
\??\c:\1pjvd.exec:\1pjvd.exe102⤵PID:2412
-
\??\c:\7dddd.exec:\7dddd.exe103⤵PID:872
-
\??\c:\lrrrlff.exec:\lrrrlff.exe104⤵PID:600
-
\??\c:\lfflrrx.exec:\lfflrrx.exe105⤵PID:1384
-
\??\c:\bbbhtt.exec:\bbbhtt.exe106⤵PID:1648
-
\??\c:\dpjjp.exec:\dpjjp.exe107⤵PID:708
-
\??\c:\jpvdd.exec:\jpvdd.exe108⤵PID:1968
-
\??\c:\1rrfffl.exec:\1rrfffl.exe109⤵PID:904
-
\??\c:\btnntt.exec:\btnntt.exe110⤵PID:948
-
\??\c:\tnhtnn.exec:\tnhtnn.exe111⤵PID:1692
-
\??\c:\3ppvv.exec:\3ppvv.exe112⤵PID:2152
-
\??\c:\vppvd.exec:\vppvd.exe113⤵PID:2260
-
\??\c:\lfrllfl.exec:\lfrllfl.exe114⤵PID:1908
-
\??\c:\5hhthn.exec:\5hhthn.exe115⤵PID:3052
-
\??\c:\9tbthh.exec:\9tbthh.exe116⤵PID:892
-
\??\c:\jdvdj.exec:\jdvdj.exe117⤵PID:1880
-
\??\c:\pjpjp.exec:\pjpjp.exe118⤵PID:1600
-
\??\c:\rfrxxfr.exec:\rfrxxfr.exe119⤵PID:2276
-
\??\c:\xflxlrl.exec:\xflxlrl.exe120⤵PID:2628
-
\??\c:\bthhtb.exec:\bthhtb.exe121⤵PID:2740
-
\??\c:\bbtbhn.exec:\bbtbhn.exe122⤵PID:2772
-