Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
10-11-2024 00:00
Static task
static1
Behavioral task
behavioral1
Sample
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe
Resource
win7-20241010-en
General
-
Target
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe
-
Size
49KB
-
MD5
1a9a6b57a362a2a660f2f73ed02f6d70
-
SHA1
60319f0dcb5077c995c6060af6b259d8613ee4a4
-
SHA256
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaeb
-
SHA512
21c2c3d347c619beacc36c8685c6d81fa9fa10a4da66afbf18374ebddce44009339d1e56cf79a317a1a4fec1c66972572ca9ba4eaa540ce531c77f023f26ef95
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7BGx:0cdpeeBSHHMHLf9Rybx7BGx
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 61 IoCs
Processes:
resource yara_rule behavioral1/memory/2484-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2768-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2772-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2772-27-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2864-30-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2864-38-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2960-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2672-57-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2696-67-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2324-76-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/964-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2840-102-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1700-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1048-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/296-153-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2468-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2456-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1928-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1576-213-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2056-224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1332-232-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1736-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2516-261-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1020-279-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1044-293-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1044-289-0x0000000000230000-0x0000000000259000-memory.dmp family_blackmoon behavioral1/memory/2900-332-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2960-345-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2740-352-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2900-353-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2600-366-0x00000000002A0000-0x00000000002C9000-memory.dmp family_blackmoon behavioral1/memory/2600-367-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3016-386-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3016-406-0x00000000002B0000-0x00000000002D9000-memory.dmp family_blackmoon behavioral1/memory/664-414-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/664-413-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1308-421-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1632-422-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2428-454-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2348-461-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2012-498-0x00000000002D0000-0x00000000002F9000-memory.dmp family_blackmoon behavioral1/memory/2532-534-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon 
behavioral1/memory/1372-549-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/304-556-0x00000000002B0000-0x00000000002D9000-memory.dmp family_blackmoon behavioral1/memory/2724-594-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2780-607-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2900-614-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2900-615-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2620-623-0x00000000002A0000-0x00000000002C9000-memory.dmp family_blackmoon behavioral1/memory/2080-630-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2224-638-0x0000000000230000-0x0000000000259000-memory.dmp family_blackmoon behavioral1/memory/2224-636-0x0000000000230000-0x0000000000259000-memory.dmp family_blackmoon behavioral1/memory/1800-659-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3032-666-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1160-691-0x00000000002B0000-0x00000000002D9000-memory.dmp family_blackmoon behavioral1/memory/2332-764-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1588-798-0x00000000003A0000-0x00000000003C9000-memory.dmp family_blackmoon behavioral1/memory/2220-811-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1120-826-0x00000000002B0000-0x00000000002D9000-memory.dmp family_blackmoon behavioral1/memory/2644-885-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1856-924-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
dbnvpd.exenlfhbdh.exehxfpbfh.exehjxfpt.exebljddvn.exebxnrxbx.exelbljbp.exefffxdjr.exefppdlv.exevfxpxbj.exeplxrb.exehhhhlp.exebpfnlh.exetrtfl.exefvjnxv.exexfdvpnv.exeftvnvdp.exertfblp.exexpthppf.exexvndx.exeddbxh.exejbffpx.exejnfhx.exebhlxbd.exepjtvdj.exevhrdljp.exedxddflt.exenvftj.exebrxhbdl.exeppdxtb.exevfrnd.exeppvxd.exelxdxx.exeldpflf.exetvxjtn.exepvvnlt.exerxbbppn.exelrfdpfr.exedjrdrhn.exeprbdj.exevhjtlrb.exepxbvhp.exertdhpx.exedlxrdtj.exeprdjxhr.exevpfpvj.exejlvhdn.exelhftfn.exejpbhtvl.exetdftvvb.exenfplx.exevvdlxpt.exefxfjx.exebfrjb.exefjvjh.exejtpbxdx.exeljttv.exetxfldj.exehrhrtff.exejntxtr.exexpdpn.exenjfvxn.exehvpll.exepbbfph.exepid process 2768 dbnvpd.exe 2772 nlfhbdh.exe 2864 hxfpbfh.exe 2960 hjxfpt.exe 2672 bljddvn.exe 2696 bxnrxbx.exe 2324 lbljbp.exe 964 fffxdjr.exe 1672 fppdlv.exe 2840 vfxpxbj.exe 1104 plxrb.exe 1700 hhhhlp.exe 2588 bpfnlh.exe 564 trtfl.exe 1048 fvjnxv.exe 296 xfdvpnv.exe 620 ftvnvdp.exe 2468 rtfblp.exe 2332 xpthppf.exe 2456 xvndx.exe 1928 ddbxh.exe 1328 jbffpx.exe 1576 jnfhx.exe 2056 bhlxbd.exe 1332 pjtvdj.exe 1736 vhrdljp.exe 1992 dxddflt.exe 112 nvftj.exe 2516 brxhbdl.exe 1020 ppdxtb.exe 1044 vfrnd.exe 2248 ppvxd.exe 2816 lxdxx.exe 3008 ldpflf.exe 1548 tvxjtn.exe 2772 pvvnlt.exe 2900 rxbbppn.exe 1824 lrfdpfr.exe 2960 djrdrhn.exe 2740 prbdj.exe 2072 vhjtlrb.exe 2600 pxbvhp.exe 2324 rtdhpx.exe 964 dlxrdtj.exe 3016 prdjxhr.exe 2304 vpfpvj.exe 2000 jlvhdn.exe 2104 lhftfn.exe 664 jpbhtvl.exe 1308 tdftvvb.exe 1632 nfplx.exe 2152 vvdlxpt.exe 264 fxfjx.exe 2160 bfrjb.exe 2428 fjvjh.exe 2348 jtpbxdx.exe 2256 ljttv.exe 1396 txfldj.exe 1384 hrhrtff.exe 1616 jntxtr.exe 972 xpdpn.exe 2012 njfvxn.exe 600 hvpll.exe 1056 pbbfph.exe -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
vdjxx.exevpjttpd.exerrxphn.exetrhxf.exephnnp.exenjpbp.exexjfpjrp.exephxfh.exefjhhtf.exedjdbphb.exertvllj.exepnnjd.exedxtvl.exethbnv.exehrlbp.exelbvbx.exexxdhrv.exejbnhbpr.exelfhnxln.exejfdxdpf.exerdlxf.exevvjtr.exejrdjb.exetfxlhnr.exevhttth.exejxphd.exexpdpn.exevrjvdpj.exethllvp.exejrlvxpv.exepdblvv.exehtrhnfn.exebthtp.exenxprffv.exehjhxh.exellrnp.exexxhxh.exejpvbfh.exehvxhhb.exevlhjh.exepbfnn.exejfbxrph.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vdjxx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vpjttpd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rrxphn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language trhxf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language phnnp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language njpbp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xjfpjrp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language phxfh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fjhhtf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language djdbphb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rtvllj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pnnjd.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dxtvl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language thbnv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hrlbp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lbvbx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xxdhrv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jbnhbpr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lfhnxln.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jfdxdpf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rdlxf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vvjtr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jrdjb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tfxlhnr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vhttth.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jxphd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xpdpn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vrjvdpj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language thllvp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jrlvxpv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pdblvv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language htrhnfn.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bthtp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nxprffv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hjhxh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language llrnp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xxhxh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jpvbfh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hvxhhb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vlhjh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pbfnn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jfbxrph.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exedbnvpd.exenlfhbdh.exehxfpbfh.exehjxfpt.exebljddvn.exebxnrxbx.exelbljbp.exefffxdjr.exefppdlv.exevfxpxbj.exeplxrb.exehhhhlp.exebpfnlh.exetrtfl.exefvjnxv.exedescription pid process target process PID 2484 wrote to memory of 2768 2484 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe dbnvpd.exe PID 2484 wrote to memory of 2768 2484 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe dbnvpd.exe PID 2484 wrote to memory of 2768 2484 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe dbnvpd.exe PID 2484 wrote to memory of 2768 2484 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe dbnvpd.exe PID 2768 wrote to memory of 2772 2768 dbnvpd.exe nlfhbdh.exe PID 2768 wrote to memory of 2772 2768 dbnvpd.exe nlfhbdh.exe PID 2768 wrote to memory of 2772 2768 dbnvpd.exe nlfhbdh.exe PID 2768 wrote to memory of 2772 2768 dbnvpd.exe nlfhbdh.exe PID 2772 wrote to memory of 2864 2772 nlfhbdh.exe hxfpbfh.exe PID 2772 wrote to memory of 2864 2772 nlfhbdh.exe hxfpbfh.exe PID 2772 wrote to memory of 2864 2772 nlfhbdh.exe hxfpbfh.exe PID 2772 wrote to memory of 2864 2772 nlfhbdh.exe hxfpbfh.exe PID 2864 wrote to memory of 2960 2864 hxfpbfh.exe hjxfpt.exe PID 2864 wrote to memory of 2960 2864 hxfpbfh.exe hjxfpt.exe PID 2864 wrote to memory of 2960 2864 hxfpbfh.exe hjxfpt.exe PID 2864 wrote to memory of 2960 2864 hxfpbfh.exe hjxfpt.exe PID 2960 wrote to memory of 2672 2960 hjxfpt.exe bljddvn.exe PID 2960 wrote to memory of 2672 2960 hjxfpt.exe bljddvn.exe PID 2960 wrote to memory of 2672 2960 hjxfpt.exe bljddvn.exe PID 2960 wrote to memory of 2672 2960 hjxfpt.exe bljddvn.exe PID 2672 wrote to memory of 2696 2672 bljddvn.exe bxnrxbx.exe PID 2672 wrote to memory of 2696 2672 bljddvn.exe bxnrxbx.exe PID 2672 wrote to memory of 2696 2672 bljddvn.exe bxnrxbx.exe PID 2672 wrote to memory of 2696 2672 bljddvn.exe bxnrxbx.exe PID 2696 wrote to memory of 2324 
2696 bxnrxbx.exe lbljbp.exe PID 2696 wrote to memory of 2324 2696 bxnrxbx.exe lbljbp.exe PID 2696 wrote to memory of 2324 2696 bxnrxbx.exe lbljbp.exe PID 2696 wrote to memory of 2324 2696 bxnrxbx.exe lbljbp.exe PID 2324 wrote to memory of 964 2324 lbljbp.exe fffxdjr.exe PID 2324 wrote to memory of 964 2324 lbljbp.exe fffxdjr.exe PID 2324 wrote to memory of 964 2324 lbljbp.exe fffxdjr.exe PID 2324 wrote to memory of 964 2324 lbljbp.exe fffxdjr.exe PID 964 wrote to memory of 1672 964 fffxdjr.exe fppdlv.exe PID 964 wrote to memory of 1672 964 fffxdjr.exe fppdlv.exe PID 964 wrote to memory of 1672 964 fffxdjr.exe fppdlv.exe PID 964 wrote to memory of 1672 964 fffxdjr.exe fppdlv.exe PID 1672 wrote to memory of 2840 1672 fppdlv.exe vfxpxbj.exe PID 1672 wrote to memory of 2840 1672 fppdlv.exe vfxpxbj.exe PID 1672 wrote to memory of 2840 1672 fppdlv.exe vfxpxbj.exe PID 1672 wrote to memory of 2840 1672 fppdlv.exe vfxpxbj.exe PID 2840 wrote to memory of 1104 2840 vfxpxbj.exe plxrb.exe PID 2840 wrote to memory of 1104 2840 vfxpxbj.exe plxrb.exe PID 2840 wrote to memory of 1104 2840 vfxpxbj.exe plxrb.exe PID 2840 wrote to memory of 1104 2840 vfxpxbj.exe plxrb.exe PID 1104 wrote to memory of 1700 1104 plxrb.exe hhhhlp.exe PID 1104 wrote to memory of 1700 1104 plxrb.exe hhhhlp.exe PID 1104 wrote to memory of 1700 1104 plxrb.exe hhhhlp.exe PID 1104 wrote to memory of 1700 1104 plxrb.exe hhhhlp.exe PID 1700 wrote to memory of 2588 1700 hhhhlp.exe bpfnlh.exe PID 1700 wrote to memory of 2588 1700 hhhhlp.exe bpfnlh.exe PID 1700 wrote to memory of 2588 1700 hhhhlp.exe bpfnlh.exe PID 1700 wrote to memory of 2588 1700 hhhhlp.exe bpfnlh.exe PID 2588 wrote to memory of 564 2588 bpfnlh.exe trtfl.exe PID 2588 wrote to memory of 564 2588 bpfnlh.exe trtfl.exe PID 2588 wrote to memory of 564 2588 bpfnlh.exe trtfl.exe PID 2588 wrote to memory of 564 2588 bpfnlh.exe trtfl.exe PID 564 wrote to memory of 1048 564 trtfl.exe fvjnxv.exe PID 564 wrote to memory of 1048 564 trtfl.exe fvjnxv.exe PID 
564 wrote to memory of 1048 564 trtfl.exe fvjnxv.exe PID 564 wrote to memory of 1048 564 trtfl.exe fvjnxv.exe PID 1048 wrote to memory of 296 1048 fvjnxv.exe xfdvpnv.exe PID 1048 wrote to memory of 296 1048 fvjnxv.exe xfdvpnv.exe PID 1048 wrote to memory of 296 1048 fvjnxv.exe xfdvpnv.exe PID 1048 wrote to memory of 296 1048 fvjnxv.exe xfdvpnv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe"C:\Users\Admin\AppData\Local\Temp\7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\dbnvpd.exec:\dbnvpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2768 -
\??\c:\nlfhbdh.exec:\nlfhbdh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2772 -
\??\c:\hxfpbfh.exec:\hxfpbfh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\hjxfpt.exec:\hjxfpt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\bljddvn.exec:\bljddvn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2672 -
\??\c:\bxnrxbx.exec:\bxnrxbx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2696 -
\??\c:\lbljbp.exec:\lbljbp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\fffxdjr.exec:\fffxdjr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:964 -
\??\c:\fppdlv.exec:\fppdlv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1672 -
\??\c:\vfxpxbj.exec:\vfxpxbj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\plxrb.exec:\plxrb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1104 -
\??\c:\hhhhlp.exec:\hhhhlp.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\bpfnlh.exec:\bpfnlh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\trtfl.exec:\trtfl.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:564 -
\??\c:\fvjnxv.exec:\fvjnxv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1048 -
\??\c:\xfdvpnv.exec:\xfdvpnv.exe17⤵
- Executes dropped EXE
PID:296 -
\??\c:\ftvnvdp.exec:\ftvnvdp.exe18⤵
- Executes dropped EXE
PID:620 -
\??\c:\rtfblp.exec:\rtfblp.exe19⤵
- Executes dropped EXE
PID:2468 -
\??\c:\xpthppf.exec:\xpthppf.exe20⤵
- Executes dropped EXE
PID:2332 -
\??\c:\xvndx.exec:\xvndx.exe21⤵
- Executes dropped EXE
PID:2456 -
\??\c:\ddbxh.exec:\ddbxh.exe22⤵
- Executes dropped EXE
PID:1928 -
\??\c:\jbffpx.exec:\jbffpx.exe23⤵
- Executes dropped EXE
PID:1328 -
\??\c:\jnfhx.exec:\jnfhx.exe24⤵
- Executes dropped EXE
PID:1576 -
\??\c:\bhlxbd.exec:\bhlxbd.exe25⤵
- Executes dropped EXE
PID:2056 -
\??\c:\pjtvdj.exec:\pjtvdj.exe26⤵
- Executes dropped EXE
PID:1332 -
\??\c:\vhrdljp.exec:\vhrdljp.exe27⤵
- Executes dropped EXE
PID:1736 -
\??\c:\dxddflt.exec:\dxddflt.exe28⤵
- Executes dropped EXE
PID:1992 -
\??\c:\nvftj.exec:\nvftj.exe29⤵
- Executes dropped EXE
PID:112 -
\??\c:\brxhbdl.exec:\brxhbdl.exe30⤵
- Executes dropped EXE
PID:2516 -
\??\c:\ppdxtb.exec:\ppdxtb.exe31⤵
- Executes dropped EXE
PID:1020 -
\??\c:\vfrnd.exec:\vfrnd.exe32⤵
- Executes dropped EXE
PID:1044 -
\??\c:\ppvxd.exec:\ppvxd.exe33⤵
- Executes dropped EXE
PID:2248 -
\??\c:\lxdxx.exec:\lxdxx.exe34⤵
- Executes dropped EXE
PID:2816 -
\??\c:\ldpflf.exec:\ldpflf.exe35⤵
- Executes dropped EXE
PID:3008 -
\??\c:\tvxjtn.exec:\tvxjtn.exe36⤵
- Executes dropped EXE
PID:1548 -
\??\c:\pvvnlt.exec:\pvvnlt.exe37⤵
- Executes dropped EXE
PID:2772 -
\??\c:\rxbbppn.exec:\rxbbppn.exe38⤵
- Executes dropped EXE
PID:2900 -
\??\c:\lrfdpfr.exec:\lrfdpfr.exe39⤵
- Executes dropped EXE
PID:1824 -
\??\c:\djrdrhn.exec:\djrdrhn.exe40⤵
- Executes dropped EXE
PID:2960 -
\??\c:\prbdj.exec:\prbdj.exe41⤵
- Executes dropped EXE
PID:2740 -
\??\c:\vhjtlrb.exec:\vhjtlrb.exe42⤵
- Executes dropped EXE
PID:2072 -
\??\c:\pxbvhp.exec:\pxbvhp.exe43⤵
- Executes dropped EXE
PID:2600 -
\??\c:\rtdhpx.exec:\rtdhpx.exe44⤵
- Executes dropped EXE
PID:2324 -
\??\c:\dlxrdtj.exec:\dlxrdtj.exe45⤵
- Executes dropped EXE
PID:964 -
\??\c:\prdjxhr.exec:\prdjxhr.exe46⤵
- Executes dropped EXE
PID:3016 -
\??\c:\vpfpvj.exec:\vpfpvj.exe47⤵
- Executes dropped EXE
PID:2304 -
\??\c:\jlvhdn.exec:\jlvhdn.exe48⤵
- Executes dropped EXE
PID:2000 -
\??\c:\lhftfn.exec:\lhftfn.exe49⤵
- Executes dropped EXE
PID:2104 -
\??\c:\jpbhtvl.exec:\jpbhtvl.exe50⤵
- Executes dropped EXE
PID:664 -
\??\c:\tdftvvb.exec:\tdftvvb.exe51⤵
- Executes dropped EXE
PID:1308 -
\??\c:\nfplx.exec:\nfplx.exe52⤵
- Executes dropped EXE
PID:1632 -
\??\c:\vvdlxpt.exec:\vvdlxpt.exe53⤵
- Executes dropped EXE
PID:2152 -
\??\c:\fxfjx.exec:\fxfjx.exe54⤵
- Executes dropped EXE
PID:264 -
\??\c:\bfrjb.exec:\bfrjb.exe55⤵
- Executes dropped EXE
PID:2160 -
\??\c:\fjvjh.exec:\fjvjh.exe56⤵
- Executes dropped EXE
PID:2428 -
\??\c:\jtpbxdx.exec:\jtpbxdx.exe57⤵
- Executes dropped EXE
PID:2348 -
\??\c:\ljttv.exec:\ljttv.exe58⤵
- Executes dropped EXE
PID:2256 -
\??\c:\txfldj.exec:\txfldj.exe59⤵
- Executes dropped EXE
PID:1396 -
\??\c:\hrhrtff.exec:\hrhrtff.exe60⤵
- Executes dropped EXE
PID:1384 -
\??\c:\jntxtr.exec:\jntxtr.exe61⤵
- Executes dropped EXE
PID:1616 -
\??\c:\xpdpn.exec:\xpdpn.exe62⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:972 -
\??\c:\njfvxn.exec:\njfvxn.exe63⤵
- Executes dropped EXE
PID:2012 -
\??\c:\hvpll.exec:\hvpll.exe64⤵
- Executes dropped EXE
PID:600 -
\??\c:\pbbfph.exec:\pbbfph.exe65⤵
- Executes dropped EXE
PID:1056 -
\??\c:\nfjfjtr.exec:\nfjfjtr.exe66⤵PID:1688
-
\??\c:\dfdxjl.exec:\dfdxjl.exe67⤵PID:1312
-
\??\c:\pxlbtx.exec:\pxlbtx.exe68⤵PID:1788
-
\??\c:\pbfnn.exec:\pbfnn.exe69⤵
- System Location Discovery: System Language Discovery
PID:2532 -
\??\c:\xdlnlxd.exec:\xdlnlxd.exe70⤵PID:2184
-
\??\c:\dlxpvll.exec:\dlxpvll.exe71⤵PID:1372
-
\??\c:\flfdvv.exec:\flfdvv.exe72⤵PID:304
-
\??\c:\tvxptb.exec:\tvxptb.exe73⤵PID:772
-
\??\c:\btvdbx.exec:\btvdbx.exe74⤵PID:2384
-
\??\c:\rvbxh.exec:\rvbxh.exe75⤵PID:2828
-
\??\c:\nljdp.exec:\nljdp.exe76⤵PID:2248
-
\??\c:\hlhdx.exec:\hlhdx.exe77⤵PID:2768
-
\??\c:\lhvpn.exec:\lhvpn.exe78⤵PID:2724
-
\??\c:\pfbrnl.exec:\pfbrnl.exe79⤵PID:2776
-
\??\c:\jtpttr.exec:\jtpttr.exe80⤵PID:2780
-
\??\c:\nxdff.exec:\nxdff.exe81⤵PID:2900
-
\??\c:\llrnp.exec:\llrnp.exe82⤵
- System Location Discovery: System Language Discovery
PID:2620 -
\??\c:\txfbtd.exec:\txfbtd.exe83⤵PID:2080
-
\??\c:\hfhnjd.exec:\hfhnjd.exe84⤵PID:2224
-
\??\c:\nltxh.exec:\nltxh.exe85⤵PID:2668
-
\??\c:\lfhbnv.exec:\lfhbnv.exe86⤵PID:1648
-
\??\c:\fdndpdh.exec:\fdndpdh.exe87⤵PID:1800
-
\??\c:\pprjxt.exec:\pprjxt.exe88⤵PID:3032
-
\??\c:\vpnhx.exec:\vpnhx.exe89⤵PID:2328
-
\??\c:\vhtppvp.exec:\vhtppvp.exe90⤵PID:2948
-
\??\c:\fxxfll.exec:\fxxfll.exe91⤵PID:2904
-
\??\c:\bbrnrb.exec:\bbrnrb.exe92⤵PID:1160
-
\??\c:\jdjvdln.exec:\jdjvdln.exe93⤵PID:1272
-
\??\c:\htdhp.exec:\htdhp.exe94⤵PID:940
-
\??\c:\rnbtvd.exec:\rnbtvd.exe95⤵PID:1632
-
\??\c:\plxxhtx.exec:\plxxhtx.exe96⤵PID:2412
-
\??\c:\pdblvv.exec:\pdblvv.exe97⤵
- System Location Discovery: System Language Discovery
PID:580 -
\??\c:\rptnn.exec:\rptnn.exe98⤵PID:1944
-
\??\c:\nljttl.exec:\nljttl.exe99⤵PID:2284
-
\??\c:\pplxrhx.exec:\pplxrhx.exe100⤵PID:2332
-
\??\c:\trrlnv.exec:\trrlnv.exe101⤵PID:2456
-
\??\c:\ffhpft.exec:\ffhpft.exe102⤵PID:1396
-
\??\c:\hphlbb.exec:\hphlbb.exe103⤵PID:904
-
\??\c:\rrjtxpd.exec:\rrjtxpd.exe104⤵PID:2504
-
\??\c:\tptlhlj.exec:\tptlhlj.exe105⤵PID:1468
-
\??\c:\hpdpl.exec:\hpdpl.exe106⤵PID:2352
-
\??\c:\hffvxv.exec:\hffvxv.exe107⤵PID:1656
-
\??\c:\jjjjxj.exec:\jjjjxj.exe108⤵PID:1588
-
\??\c:\hfrjrj.exec:\hfrjrj.exe109⤵PID:3012
-
\??\c:\npfbldr.exec:\npfbldr.exe110⤵PID:2220
-
\??\c:\rhhjjt.exec:\rhhjjt.exe111⤵PID:112
-
\??\c:\tbnrdf.exec:\tbnrdf.exe112⤵PID:2052
-
\??\c:\fvdjdtd.exec:\fvdjdtd.exe113⤵PID:1120
-
\??\c:\xlfxrfx.exec:\xlfxrfx.exe114⤵PID:884
-
\??\c:\hdrpbdl.exec:\hdrpbdl.exe115⤵PID:2280
-
\??\c:\flbrjbd.exec:\flbrjbd.exe116⤵PID:2092
-
\??\c:\vvxxj.exec:\vvxxj.exe117⤵PID:2484
-
\??\c:\pvjrhl.exec:\pvjrhl.exe118⤵PID:1540
-
\??\c:\bfljtr.exec:\bfljtr.exe119⤵PID:3004
-
\??\c:\xjvll.exec:\xjvll.exe120⤵PID:2860
-
\??\c:\htxdf.exec:\htxdf.exe121⤵PID:2656
-
\??\c:\xhdjn.exec:\xhdjn.exe122⤵PID:2644
-
\??\c:\fthpf.exec:\fthpf.exe123⤵PID:2616
-
\??\c:\djlbplj.exec:\djlbplj.exe124⤵PID:2960
-
\??\c:\lxdnhp.exec:\lxdnhp.exe125⤵PID:2068
-
\??\c:\dvlbv.exec:\dvlbv.exe126⤵PID:1252
-
\??\c:\dvxxj.exec:\dvxxj.exe127⤵PID:604
-
\??\c:\vhhtvnb.exec:\vhhtvnb.exe128⤵PID:1856
-
\??\c:\flvlrrx.exec:\flvlrrx.exe129⤵PID:3024
-
\??\c:\hblpnh.exec:\hblpnh.exe130⤵PID:924
-
\??\c:\rxttj.exec:\rxttj.exe131⤵PID:2432
-
\??\c:\rrhpphx.exec:\rrhpphx.exe132⤵PID:948
-
\??\c:\bhvft.exec:\bhvft.exe133⤵PID:2104
-
\??\c:\hvnxjjn.exec:\hvnxjjn.exe134⤵PID:760
-
\??\c:\nrnxjx.exec:\nrnxjx.exe135⤵PID:1452
-
\??\c:\rtvllj.exec:\rtvllj.exe136⤵
- System Location Discovery: System Language Discovery
PID:1152 -
\??\c:\jrlnxld.exec:\jrlnxld.exe137⤵PID:1608
-
\??\c:\jnfhhx.exec:\jnfhhx.exe138⤵PID:1488
-
\??\c:\pbhnb.exec:\pbhnb.exe139⤵PID:2144
-
\??\c:\jbtvjxr.exec:\jbtvjxr.exe140⤵PID:1912
-
\??\c:\xfnrjt.exec:\xfnrjt.exe141⤵PID:2364
-
\??\c:\xbrlxv.exec:\xbrlxv.exe142⤵PID:2300
-
\??\c:\nfnpj.exec:\nfnpj.exe143⤵PID:2496
-
\??\c:\rjtnx.exec:\rjtnx.exe144⤵PID:2464
-
\??\c:\rbjndv.exec:\rbjndv.exe145⤵PID:1844
-
\??\c:\dhxxff.exec:\dhxxff.exe146⤵PID:552
-
\??\c:\dlhllfp.exec:\dlhllfp.exe147⤵PID:904
-
\??\c:\bdrtdv.exec:\bdrtdv.exe148⤵PID:1576
-
\??\c:\vdbbfvt.exec:\vdbbfvt.exe149⤵PID:1468
-
\??\c:\xxpjh.exec:\xxpjh.exe150⤵PID:1772
-
\??\c:\flxphjv.exec:\flxphjv.exe151⤵PID:1656
-
\??\c:\vhddrl.exec:\vhddrl.exe152⤵PID:1932
-
\??\c:\njhvx.exec:\njhvx.exe153⤵PID:1788
-
\??\c:\btphdbp.exec:\btphdbp.exe154⤵PID:1560
-
\??\c:\dflttbf.exec:\dflttbf.exe155⤵PID:3000
-
\??\c:\ptdbnj.exec:\ptdbnj.exe156⤵PID:1004
-
\??\c:\ppfnvh.exec:\ppfnvh.exe157⤵PID:2528
-
\??\c:\fpjrdt.exec:\fpjrdt.exe158⤵PID:2388
-
\??\c:\hlfpdbx.exec:\hlfpdbx.exe159⤵PID:2292
-
\??\c:\lbpph.exec:\lbpph.exe160⤵PID:2836
-
\??\c:\dlnfjbv.exec:\dlnfjbv.exe161⤵PID:2892
-
\??\c:\hrfffb.exec:\hrfffb.exe162⤵PID:2768
-
\??\c:\tdxrlvx.exec:\tdxrlvx.exe163⤵PID:1544
-
\??\c:\htrhnfn.exec:\htrhnfn.exe164⤵
- System Location Discovery: System Language Discovery
PID:2868 -
\??\c:\hjtvdnt.exec:\hjtvdnt.exe165⤵PID:2784
-
\??\c:\tdpffld.exec:\tdpffld.exe166⤵PID:2416
-
\??\c:\vllhpd.exec:\vllhpd.exe167⤵PID:2652
-
\??\c:\tdtpxd.exec:\tdtpxd.exe168⤵PID:1028
-
\??\c:\bdlnvh.exec:\bdlnvh.exe169⤵PID:2888
-
\??\c:\tnbhvbb.exec:\tnbhvbb.exe170⤵PID:2072
-
\??\c:\ttpptfb.exec:\ttpptfb.exe171⤵PID:1820
-
\??\c:\tttpll.exec:\tttpll.exe172⤵PID:2324
-
\??\c:\nfnhvtd.exec:\nfnhvtd.exe173⤵PID:2668
-
\??\c:\jfdbfv.exec:\jfdbfv.exe174⤵PID:3016
-
\??\c:\ttrld.exec:\ttrld.exe175⤵PID:2312
-
\??\c:\lhdblvb.exec:\lhdblvb.exe176⤵PID:2432
-
\??\c:\rpnpnn.exec:\rpnpnn.exe177⤵PID:2716
-
\??\c:\dppbjt.exec:\dppbjt.exe178⤵PID:1708
-
\??\c:\ndprfv.exec:\ndprfv.exe179⤵PID:1776
-
\??\c:\fjhpp.exec:\fjhpp.exe180⤵PID:564
-
\??\c:\xpddtt.exec:\xpddtt.exe181⤵PID:2576
-
\??\c:\hrvdjvb.exec:\hrvdjvb.exe182⤵PID:2544
-
\??\c:\jxhrfn.exec:\jxhrfn.exe183⤵PID:2368
-
\??\c:\jftpn.exec:\jftpn.exe184⤵PID:2160
-
\??\c:\fnxjdbb.exec:\fnxjdbb.exe185⤵PID:2468
-
\??\c:\ttxfldf.exec:\ttxfldf.exe186⤵PID:2348
-
\??\c:\xddrvtn.exec:\xddrvtn.exe187⤵PID:2556
-
\??\c:\hpblxh.exec:\hpblxh.exe188⤵PID:1676
-
\??\c:\blbntjv.exec:\blbntjv.exe189⤵PID:2456
-
\??\c:\hbjpb.exec:\hbjpb.exe190⤵PID:1844
-
\??\c:\lplhph.exec:\lplhph.exe191⤵PID:972
-
\??\c:\fjtvbb.exec:\fjtvbb.exe192⤵PID:904
-
\??\c:\ntltfxh.exec:\ntltfxh.exe193⤵PID:1980
-
\??\c:\jnbpvnx.exec:\jnbpvnx.exe194⤵PID:1468
-
\??\c:\tvhjbpb.exec:\tvhjbpb.exe195⤵PID:1688
-
\??\c:\tdjfv.exec:\tdjfv.exe196⤵PID:1656
-
\??\c:\lvvfl.exec:\lvvfl.exe197⤵PID:2592
-
\??\c:\pdjpvfr.exec:\pdjpvfr.exe198⤵PID:2220
-
\??\c:\hbfpt.exec:\hbfpt.exe199⤵PID:3052
-
\??\c:\bbbrb.exec:\bbbrb.exe200⤵PID:2184
-
\??\c:\xbdbt.exec:\xbdbt.exe201⤵PID:2136
-
\??\c:\djhhr.exec:\djhhr.exe202⤵PID:884
-
\??\c:\nntpfnr.exec:\nntpfnr.exe203⤵PID:2748
-
\??\c:\jfflrv.exec:\jfflrv.exe204⤵PID:2392
-
\??\c:\jxvrbl.exec:\jxvrbl.exe205⤵PID:2248
-
\??\c:\bbdfxfp.exec:\bbdfxfp.exe206⤵PID:2436
-
\??\c:\jprvd.exec:\jprvd.exe207⤵PID:2768
-
\??\c:\tdvlrj.exec:\tdvlrj.exe208⤵PID:1784
-
\??\c:\jrtrnlb.exec:\jrtrnlb.exe209⤵PID:2780
-
\??\c:\jnnplp.exec:\jnnplp.exe210⤵PID:2676
-
\??\c:\hhbdrtp.exec:\hhbdrtp.exe211⤵PID:2636
-
\??\c:\hbdvl.exec:\hbdvl.exe212⤵PID:2876
-
\??\c:\fvxdhnd.exec:\fvxdhnd.exe213⤵PID:2068
-
\??\c:\hpvfnxh.exec:\hpvfnxh.exe214⤵PID:2340
-
\??\c:\jhfnn.exec:\jhfnn.exe215⤵PID:2072
-
\??\c:\frrvf.exec:\frrvf.exe216⤵PID:2276
-
\??\c:\lrdxxnb.exec:\lrdxxnb.exe217⤵PID:964
-
\??\c:\tdppvx.exec:\tdppvx.exe218⤵PID:3032
-
\??\c:\dpfdv.exec:\dpfdv.exe219⤵PID:1132
-
\??\c:\rprjf.exec:\rprjf.exe220⤵PID:1800
-
\??\c:\dppllrd.exec:\dppllrd.exe221⤵PID:2008
-
\??\c:\vfxlhdp.exec:\vfxlhdp.exe222⤵PID:2588
-
\??\c:\xfrlx.exec:\xfrlx.exe223⤵PID:2296
-
\??\c:\jvxnrht.exec:\jvxnrht.exe224⤵PID:1956
-
\??\c:\vhttth.exec:\vhttth.exe225⤵
- System Location Discovery: System Language Discovery
PID:460 -
\??\c:\hfdbtrn.exec:\hfdbtrn.exe226⤵PID:1908
-
\??\c:\xbvdlbh.exec:\xbvdlbh.exe227⤵PID:1796
-
\??\c:\lbvbx.exec:\lbvbx.exe228⤵
- System Location Discovery: System Language Discovery
PID:2368 -
\??\c:\ddhvn.exec:\ddhvn.exe229⤵PID:1912
-
\??\c:\fnlltl.exec:\fnlltl.exe230⤵PID:2468
-
\??\c:\dbtbf.exec:\dbtbf.exe231⤵PID:2480
-
\??\c:\xrtdpdx.exec:\xrtdpdx.exe232⤵PID:2556
-
\??\c:\fvnllf.exec:\fvnllf.exe233⤵PID:2464
-
\??\c:\hpxvd.exec:\hpxvd.exe234⤵PID:1768
-
\??\c:\tlfvtj.exec:\tlfvtj.exe235⤵PID:2504
-
\??\c:\rjvptxn.exec:\rjvptxn.exe236⤵PID:1336
-
\??\c:\jthln.exec:\jthln.exe237⤵PID:2460
-
\??\c:\npxdt.exec:\npxdt.exe238⤵PID:1464
-
\??\c:\rvtdpb.exec:\rvtdpb.exe239⤵PID:3068
-
\??\c:\pdnpt.exec:\pdnpt.exe240⤵PID:1588
-
\??\c:\jldpdx.exec:\jldpdx.exe241⤵PID:748
-
\??\c:\dbjlj.exec:\dbjlj.exe242⤵PID:1108