Analysis
-
max time kernel
145s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system -
submitted
07/01/2024, 19:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
ac17088f70129d30cb6bab2413161494.exe
Resource
win7-20231215-en
5 signatures
150 seconds
General
-
Target
ac17088f70129d30cb6bab2413161494.exe
-
Size
75KB
-
MD5
ac17088f70129d30cb6bab2413161494
-
SHA1
1cfc3bd74642d3efe4b9af6d930ace3492d4f067
-
SHA256
28a09e5a32e54356687670ddbfed592f88213f17826a4a35d5f8fbebf1487f6e
-
SHA512
9fe64b921c4714a42ae6f1ce6220d984f30652cb20dbf4d86f8630c9df4fa971662ca382bb7d40e5604b953310d9a0a50ff37feb3de1901f4900d796972ae98a
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIkpi+qmPVe6fgt/V:ymb3NkkiQ3mdBjFIj+qmdXW/V
Malware Config
Signatures
-
Detect Blackmoon payload 37 IoCs
resource yara_rule behavioral1/memory/2228-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2164-14-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2984-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2776-64-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2624-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2792-122-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1660-207-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1812-246-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1964-284-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2820-343-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1312-437-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1404-453-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1792-582-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2340-621-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1000-837-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2932-735-0x0000000000220000-0x000000000022C000-memory.dmp family_blackmoon behavioral1/memory/1760-522-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2992-499-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2992-498-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1760-475-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2096-422-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1404-413-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2928-391-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2688-376-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-366-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2768-345-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1812-302-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1120-227-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2580-217-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3000-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2052-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2096-120-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2960-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1532-85-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2892-54-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2840-33-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/840-1083-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2164 bbnbhn.exe 2344 nbhbhb.exe 2840 lrxxlxl.exe 2984 hbbnnb.exe 2892 xxfrlff.exe 2776 vddjv.exe 2624 rrrflxr.exe 1532 tthbhb.exe 2176 5rxffll.exe 2960 fxlxlrf.exe 2096 hhbntb.exe 2792 ppddp.exe 1044 xrlrrxl.exe 560 3pdpv.exe 764 xffxfxl.exe 1040 1jjdd.exe 1592 rlllxfl.exe 2052 1bnhbn.exe 3000 lflfllx.exe 2992 tbtnhn.exe 1660 ffrffff.exe 2580 dddpj.exe 1120 hbnhnn.exe 928 pvpdp.exe 1812 3lrlrxl.exe 1884 nhnnbn.exe 1652 fflxrlf.exe 1960 5thhnn.exe 1964 rrxffxr.exe 1712 3nbthn.exe 1512 rlfrlrl.exe 2324 7jjjp.exe 1340 bthttn.exe 2756 jvjjp.exe 2820 bttttt.exe 2768 7dvpv.exe 2648 nhhthn.exe 2636 3vddv.exe 2764 rlxxfxl.exe 2688 nttthh.exe 2656 pdvjj.exe 2928 3bnhtb.exe 1300 ddppv.exe 1404 1hbbhh.exe 1844 jdpdd.exe 2096 hhbntb.exe 1036 7ffxfff.exe 1312 flllfxx.exe 2712 xrlfllr.exe 2748 7xfrrxl.exe 2024 dvpdp.exe 1760 htnntt.exe 2068 jjdjv.exe 1928 5rlrlrx.exe 2888 djvvd.exe 2992 tbtnhn.exe 112 hbnntt.exe 448 pvppj.exe 2248 vdvjj.exe 1120 hbnhnn.exe 1932 jjjdj.exe 1812 3lrlrxl.exe 1000 jpjvv.exe 1752 rxfxfxr.exe -
resource yara_rule behavioral1/memory/2228-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2164-14-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-44-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2776-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2624-75-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2792-122-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1660-207-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1812-246-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1964-284-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2820-343-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1312-437-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1312-436-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2712-445-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1404-453-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1928-483-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1792-582-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2340-621-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1000-837-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2472-792-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2396-692-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2836-635-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2380-604-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1748-589-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1704-573-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/1812-544-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1760-522-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2992-499-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2992-498-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1760-475-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-422-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1404-413-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2928-391-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2928-390-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-376-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2688-374-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-366-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2768-345-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2756-328-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1512-304-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1964-282-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1884-255-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1120-227-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2580-217-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3000-188-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2052-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2096-120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2960-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1532-85-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2892-54-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-41-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2840-33-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2212-1061-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/840-1083-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1932-1112-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/788-1120-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1704-1135-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2288-1150-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2228 wrote to memory of 2164 2228 fxlxxxf.exe 28 PID 2228 wrote to memory of 2164 2228 fxlxxxf.exe 28 PID 2228 wrote to memory of 2164 2228 fxlxxxf.exe 28 PID 2228 wrote to memory of 2164 2228 fxlxxxf.exe 28 PID 2164 wrote to memory of 2344 2164 bbnbhn.exe 161 PID 2164 wrote to memory of 2344 2164 bbnbhn.exe 161 PID 2164 wrote to memory of 2344 2164 bbnbhn.exe 161 PID 2164 wrote to memory of 2344 2164 bbnbhn.exe 161 PID 2344 wrote to memory of 2840 2344 nbhbhb.exe 160 PID 2344 wrote to memory of 2840 2344 nbhbhb.exe 160 PID 2344 wrote to memory of 2840 2344 nbhbhb.exe 160 PID 2344 wrote to memory of 2840 2344 nbhbhb.exe 160 PID 2840 wrote to memory of 2984 2840 lrxxlxl.exe 29 PID 2840 wrote to memory of 2984 2840 lrxxlxl.exe 29 PID 2840 wrote to memory of 2984 2840 lrxxlxl.exe 29 PID 2840 wrote to memory of 2984 2840 lrxxlxl.exe 29 PID 2984 wrote to memory of 2892 2984 hbbnnb.exe 159 PID 2984 wrote to memory of 2892 2984 hbbnnb.exe 159 PID 2984 wrote to memory of 2892 2984 hbbnnb.exe 159 PID 2984 wrote to memory of 2892 2984 hbbnnb.exe 159 PID 2892 wrote to memory of 2776 2892 xxfrlff.exe 158 PID 2892 wrote to memory of 2776 2892 xxfrlff.exe 158 PID 2892 wrote to memory of 2776 2892 xxfrlff.exe 158 PID 2892 wrote to memory of 2776 2892 xxfrlff.exe 158 PID 2776 wrote to memory of 2624 2776 vddjv.exe 157 PID 2776 wrote to memory of 2624 2776 vddjv.exe 157 PID 2776 wrote to memory of 2624 2776 vddjv.exe 157 PID 2776 wrote to memory of 2624 2776 vddjv.exe 157 PID 2624 wrote to memory of 1532 2624 rrrflxr.exe 30 PID 2624 wrote to memory of 1532 2624 rrrflxr.exe 30 PID 2624 wrote to memory of 1532 2624 rrrflxr.exe 30 PID 2624 wrote to memory of 1532 2624 rrrflxr.exe 30 PID 1532 wrote to memory of 2176 1532 tthbhb.exe 156 PID 1532 wrote to memory of 2176 1532 tthbhb.exe 156 PID 1532 wrote to memory of 2176 1532 tthbhb.exe 156 PID 1532 wrote to memory of 2176 1532 tthbhb.exe 156 PID 2176 wrote to memory of 2960 2176 5rxffll.exe 155 
PID 2176 wrote to memory of 2960 2176 5rxffll.exe 155 PID 2176 wrote to memory of 2960 2176 5rxffll.exe 155 PID 2176 wrote to memory of 2960 2176 5rxffll.exe 155 PID 2960 wrote to memory of 2096 2960 fxlxlrf.exe 154 PID 2960 wrote to memory of 2096 2960 fxlxlrf.exe 154 PID 2960 wrote to memory of 2096 2960 fxlxlrf.exe 154 PID 2960 wrote to memory of 2096 2960 fxlxlrf.exe 154 PID 2096 wrote to memory of 2792 2096 hhbntb.exe 153 PID 2096 wrote to memory of 2792 2096 hhbntb.exe 153 PID 2096 wrote to memory of 2792 2096 hhbntb.exe 153 PID 2096 wrote to memory of 2792 2096 hhbntb.exe 153 PID 2792 wrote to memory of 1044 2792 ppddp.exe 152 PID 2792 wrote to memory of 1044 2792 ppddp.exe 152 PID 2792 wrote to memory of 1044 2792 ppddp.exe 152 PID 2792 wrote to memory of 1044 2792 ppddp.exe 152 PID 1044 wrote to memory of 560 1044 xrlrrxl.exe 151 PID 1044 wrote to memory of 560 1044 xrlrrxl.exe 151 PID 1044 wrote to memory of 560 1044 xrlrrxl.exe 151 PID 1044 wrote to memory of 560 1044 xrlrrxl.exe 151 PID 560 wrote to memory of 764 560 3pdpv.exe 150 PID 560 wrote to memory of 764 560 3pdpv.exe 150 PID 560 wrote to memory of 764 560 3pdpv.exe 150 PID 560 wrote to memory of 764 560 3pdpv.exe 150 PID 764 wrote to memory of 1040 764 xffxfxl.exe 149 PID 764 wrote to memory of 1040 764 xffxfxl.exe 149 PID 764 wrote to memory of 1040 764 xffxfxl.exe 149 PID 764 wrote to memory of 1040 764 xffxfxl.exe 149
Processes
-
C:\Users\Admin\AppData\Local\Temp\ac17088f70129d30cb6bab2413161494.exe "C:\Users\Admin\AppData\Local\Temp\ac17088f70129d30cb6bab2413161494.exe" 1⤵PID:2228
-
\??\c:\bbnbhn.exec:\bbnbhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2164 -
\??\c:\nbhbhb.exec:\nbhbhb.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2344
-
-
-
\??\c:\htbbhb.exec:\htbbhb.exe2⤵PID:2860
-
-
\??\c:\hbbnnb.exec:\hbbnnb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\xxfrlff.exec:\xxfrlff.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892
-
-
\??\c:\tthbhb.exec:\tthbhb.exe1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\5rxffll.exec:\5rxffll.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176
-
-
\??\c:\nhnnbn.exec:\nhnnbn.exe1⤵
- Executes dropped EXE
PID:1884 -
\??\c:\fflxrlf.exec:\fflxrlf.exe2⤵
- Executes dropped EXE
PID:1652
-
-
\??\c:\bthttn.exec:\bthttn.exe1⤵
- Executes dropped EXE
PID:1340 -
\??\c:\jvjjp.exec:\jvjjp.exe2⤵
- Executes dropped EXE
PID:2756
-
-
\??\c:\pdvjj.exec:\pdvjj.exe1⤵
- Executes dropped EXE
PID:2656 -
\??\c:\3bnhtb.exec:\3bnhtb.exe2⤵
- Executes dropped EXE
PID:2928
-
-
\??\c:\thhnbb.exec:\thhnbb.exe1⤵PID:1312
-
\??\c:\nhbbnn.exec:\nhbbnn.exe2⤵PID:2932
-
-
\??\c:\7ffxfff.exec:\7ffxfff.exe1⤵
- Executes dropped EXE
PID:1036
-
\??\c:\5rlrlrx.exec:\5rlrlrx.exe1⤵
- Executes dropped EXE
PID:1928 -
\??\c:\djvvd.exec:\djvvd.exe2⤵
- Executes dropped EXE
PID:2888
-
-
\??\c:\hbnntt.exec:\hbnntt.exe1⤵
- Executes dropped EXE
PID:112 -
\??\c:\pvppj.exec:\pvppj.exe2⤵
- Executes dropped EXE
PID:448 -
\??\c:\vdvjj.exec:\vdvjj.exe3⤵
- Executes dropped EXE
PID:2248
-
-
-
\??\c:\vpjdd.exec:\vpjdd.exe1⤵PID:1932
-
\??\c:\fxrxlfr.exec:\fxrxlfr.exe2⤵PID:688
-
-
\??\c:\9bntbh.exec:\9bntbh.exe1⤵PID:2720
-
\??\c:\dvjjp.exec:\dvjjp.exe2⤵PID:2836
-
-
\??\c:\rrrxlrx.exec:\rrrxlrx.exe1⤵PID:1796
-
\??\c:\hnbbtb.exec:\hnbbtb.exe2⤵PID:3064
-
-
\??\c:\hbnbnb.exec:\hbnbnb.exe1⤵PID:1056
-
\??\c:\7rfxffl.exec:\7rfxffl.exe2⤵PID:1844
-
\??\c:\9lrrllr.exec:\9lrrllr.exe3⤵PID:2096
-
\??\c:\ppddp.exec:\ppddp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2792
-
-
-
-
\??\c:\hbhhtt.exec:\hbhhtt.exe1⤵PID:2184
-
\??\c:\9jddj.exec:\9jddj.exe2⤵PID:1984
-
-
\??\c:\5thhnn.exec:\5thhnn.exe1⤵PID:2788
-
\??\c:\ppjvj.exec:\ppjvj.exe2⤵PID:1972
-
-
\??\c:\hhtbhh.exec:\hhtbhh.exe2⤵PID:2600
-
\??\c:\5jpdj.exec:\5jpdj.exe3⤵PID:2368
-
-
-
\??\c:\ffxxfrf.exec:\ffxxfrf.exe1⤵PID:780
-
\??\c:\vvjvj.exec:\vvjvj.exe2⤵PID:1988
-
-
\??\c:\bnhhhh.exec:\bnhhhh.exe1⤵PID:1032
-
\??\c:\pppvd.exec:\pppvd.exe2⤵PID:872
-
-
\??\c:\9lflflr.exec:\9lflflr.exe1⤵PID:2716
-
\??\c:\ddvjv.exec:\ddvjv.exe2⤵PID:2836
-
\??\c:\lfffflr.exec:\lfffflr.exe3⤵PID:2700
-
-
-
\??\c:\5rfxxfl.exec:\5rfxxfl.exe1⤵PID:2500
-
\??\c:\3dpvd.exec:\3dpvd.exe2⤵PID:1536
-
-
\??\c:\jdpdd.exec:\jdpdd.exe1⤵PID:1744
-
\??\c:\9tnbnb.exec:\9tnbnb.exe2⤵PID:2944
-
-
\??\c:\jdvdp.exec:\jdvdp.exe1⤵PID:2680
-
\??\c:\bnnhbt.exec:\bnnhbt.exe2⤵PID:664
-
\??\c:\nhtbtt.exec:\nhtbtt.exe3⤵PID:1524
-
-
-
\??\c:\5lrlfxx.exec:\5lrlfxx.exe1⤵PID:868
-
\??\c:\7bhtnt.exec:\7bhtnt.exe1⤵PID:1760
-
\??\c:\rrxlxlx.exec:\rrxlxlx.exe2⤵PID:2024
-
-
\??\c:\jjdjv.exec:\jjdjv.exe2⤵
- Executes dropped EXE
PID:2068
-
-
\??\c:\hthbnb.exec:\hthbnb.exe1⤵PID:2200
-
\??\c:\flffllr.exec:\flffllr.exe2⤵PID:3000
-
\??\c:\ppjjd.exec:\ppjjd.exe3⤵PID:2212
-
\??\c:\bbbthh.exec:\bbbthh.exe4⤵PID:2296
-
\??\c:\llxxflf.exec:\llxxflf.exe5⤵PID:1664
-
\??\c:\vvpjd.exec:\vvpjd.exe6⤵PID:840
-
\??\c:\hhbhbb.exec:\hhbhbb.exe7⤵PID:780
-
\??\c:\hthhtt.exec:\hthhtt.exe8⤵PID:960
-
\??\c:\rrffrxr.exec:\rrffrxr.exe9⤵PID:2076
-
\??\c:\jjjdj.exec:\jjjdj.exe10⤵
- Executes dropped EXE
PID:1932 -
\??\c:\hbhhhh.exec:\hbhhhh.exe11⤵PID:788
-
\??\c:\lxlrxxl.exec:\lxlrxxl.exe12⤵PID:2492
-
\??\c:\hbntbh.exec:\hbntbh.exe13⤵PID:1704
-
\??\c:\jpddp.exec:\jpddp.exe14⤵PID:2180
-
\??\c:\bnnbnn.exec:\bnnbnn.exe15⤵PID:2288
-
\??\c:\vddvp.exec:\vddvp.exe16⤵PID:2284
-
\??\c:\9xlffxx.exec:\9xlffxx.exe17⤵PID:2704
-
\??\c:\dvpvj.exec:\dvpvj.exe18⤵PID:1608
-
\??\c:\xlflxfl.exec:\xlflxfl.exe19⤵PID:1212
-
\??\c:\nnhhnt.exec:\nnhhnt.exe20⤵PID:2132
-
\??\c:\rfrxxfl.exec:\rfrxxfl.exe21⤵PID:2820
-
\??\c:\9htbht.exec:\9htbht.exe22⤵PID:2636
-
\??\c:\bbttbn.exec:\bbttbn.exe23⤵PID:2836
-
\??\c:\jdpdp.exec:\jdpdp.exe24⤵PID:1732
-
\??\c:\nbbhbn.exec:\nbbhbn.exe25⤵PID:2732
-
\??\c:\3vjpv.exec:\3vjpv.exe26⤵PID:2896
-
\??\c:\bnnttb.exec:\bnnttb.exe27⤵PID:300
-
\??\c:\dvjpd.exec:\dvjpd.exe28⤵PID:2684
-
\??\c:\hbbbbb.exec:\hbbbbb.exe29⤵PID:1940
-
\??\c:\pjpdp.exec:\pjpdp.exe30⤵PID:2964
-
\??\c:\7nbtnb.exec:\7nbtnb.exe31⤵PID:2392
-
\??\c:\7xrfxlx.exec:\7xrfxlx.exe32⤵PID:2096
-
\??\c:\vvjvp.exec:\vvjvp.exe33⤵PID:848
-
\??\c:\xrrflrr.exec:\xrrflrr.exe34⤵PID:1984
-
\??\c:\dvddp.exec:\dvddp.exe35⤵PID:1648
-
\??\c:\hhnbtn.exec:\hhnbtn.exe36⤵PID:1312
-
\??\c:\pjppj.exec:\pjppj.exe37⤵PID:1592
-
\??\c:\hhbttn.exec:\hhbttn.exe38⤵PID:2084
-
\??\c:\jvjvj.exec:\jvjvj.exe39⤵PID:2068
-
\??\c:\ttbntn.exec:\ttbntn.exe40⤵PID:1772
-
\??\c:\rrxflrl.exec:\rrxflrl.exe41⤵PID:2272
-
\??\c:\tbtntn.exec:\tbtntn.exe42⤵PID:820
-
\??\c:\nntttt.exec:\nntttt.exe43⤵PID:2364
-
\??\c:\vjpvp.exec:\vjpvp.exe44⤵PID:1784
-
\??\c:\frflrlf.exec:\frflrlf.exe45⤵PID:2556
-
\??\c:\pdppv.exec:\pdppv.exe46⤵PID:1820
-
\??\c:\lfrrrxx.exec:\lfrrrxx.exe47⤵PID:240
-
\??\c:\bthntt.exec:\bthntt.exe48⤵PID:1080
-
\??\c:\rrflxlr.exec:\rrflxlr.exe49⤵PID:2100
-
\??\c:\vvpvp.exec:\vvpvp.exe50⤵PID:2852
-
\??\c:\hhbhbb.exec:\hhbhbb.exe51⤵PID:1628
-
\??\c:\vpjdp.exec:\vpjdp.exe52⤵PID:572
-
\??\c:\llllxxf.exec:\llllxxf.exe53⤵PID:896
-
\??\c:\ppjdv.exec:\ppjdv.exe54⤵PID:1616
-
\??\c:\xlxxrxf.exec:\xlxxrxf.exe55⤵PID:1328
-
\??\c:\vdpjj.exec:\vdpjj.exe56⤵PID:3068
-
\??\c:\vddvp.exec:\vddvp.exe57⤵PID:2232
-
\??\c:\rrllrxx.exec:\rrllrxx.exe58⤵PID:2752
-
\??\c:\9vpdp.exec:\9vpdp.exe59⤵PID:2340
-
\??\c:\rlllxrf.exec:\rlllxrf.exe60⤵PID:2860
-
\??\c:\jppjp.exec:\jppjp.exe61⤵PID:1728
-
\??\c:\rlfxrxr.exec:\rlfxrxr.exe62⤵PID:1832
-
\??\c:\jvvpj.exec:\jvvpj.exe63⤵PID:2700
-
\??\c:\rflfffr.exec:\rflfffr.exe64⤵PID:2636
-
\??\c:\pjpjp.exec:\pjpjp.exe65⤵PID:2148
-
\??\c:\tntbtb.exec:\tntbtb.exe66⤵PID:2980
-
\??\c:\ppvdd.exec:\ppvdd.exe67⤵PID:1532
-
\??\c:\htthbh.exec:\htthbh.exe68⤵PID:2956
-
\??\c:\hhttbh.exec:\hhttbh.exe69⤵PID:1440
-
\??\c:\3xxxffx.exec:\3xxxffx.exe70⤵PID:2960
-
\??\c:\nbhhtn.exec:\nbhhtn.exe71⤵PID:2944
-
\??\c:\7lrllll.exec:\7lrllll.exe72⤵PID:2192
-
\??\c:\thbhtb.exec:\thbhtb.exe73⤵PID:868
-
\??\c:\jvvvj.exec:\jvvvj.exe74⤵PID:2096
-
\??\c:\rxxlxxr.exec:\rxxlxxr.exe75⤵PID:764
-
\??\c:\tbbbtt.exec:\tbbbtt.exe76⤵PID:2904
-
\??\c:\9rxlrfl.exec:\9rxlrfl.exe77⤵PID:2240
-
\??\c:\1hbntb.exec:\1hbntb.exe78⤵PID:2060
-
\??\c:\7frllxl.exec:\7frllxl.exe79⤵PID:2056
-
\??\c:\hntbhn.exec:\hntbhn.exe80⤵PID:2600
-
\??\c:\7frrrrx.exec:\7frrrrx.exe81⤵PID:640
-
\??\c:\9nttbh.exec:\9nttbh.exe82⤵PID:1656
-
\??\c:\frllxxf.exec:\frllxxf.exe83⤵PID:2272
-
\??\c:\1pvpv.exec:\1pvpv.exe84⤵PID:2212
-
\??\c:\xrffxxl.exec:\xrffxxl.exe85⤵PID:2044
-
\??\c:\nnbhnt.exec:\nnbhnt.exe86⤵PID:1784
-
\??\c:\9lffrrl.exec:\9lffrrl.exe87⤵PID:1356
-
\??\c:\jpppj.exec:\jpppj.exe88⤵PID:2136
-
\??\c:\ttnnhh.exec:\ttnnhh.exe89⤵PID:288
-
\??\c:\5vpdj.exec:\5vpdj.exe90⤵PID:3040
-
\??\c:\ffrxllr.exec:\ffrxllr.exe91⤵PID:2100
-
\??\c:\hnnbth.exec:\hnnbth.exe92⤵PID:916
-
\??\c:\rrlfllf.exec:\rrlfllf.exe93⤵PID:2372
-
\??\c:\nbnhht.exec:\nbnhht.exe94⤵PID:788
-
\??\c:\rrrllxl.exec:\rrrllxl.exe95⤵PID:1064
-
\??\c:\rrfxfrr.exec:\rrfxfrr.exe96⤵PID:1584
-
\??\c:\nntnnt.exec:\nntnnt.exe97⤵PID:2288
-
\??\c:\pjjvv.exec:\pjjvv.exe98⤵PID:2816
-
\??\c:\ttnhnn.exec:\ttnhnn.exe99⤵PID:884
-
\??\c:\lllrxrf.exec:\lllrxrf.exe100⤵PID:2404
-
\??\c:\vjpvd.exec:\vjpvd.exe101⤵PID:2828
-
\??\c:\llflflr.exec:\llflflr.exe102⤵PID:2092
-
\??\c:\thbnht.exec:\thbnht.exe103⤵PID:2008
-
\??\c:\fxrrflx.exec:\fxrrflx.exe104⤵PID:2648
-
\??\c:\tnbnbn.exec:\tnbnbn.exe105⤵PID:2464
-
\??\c:\ffrrrrf.exec:\ffrrrrf.exe106⤵PID:2912
-
\??\c:\nthnnt.exec:\nthnnt.exe107⤵PID:1800
-
\??\c:\vpppj.exec:\vpppj.exe108⤵PID:2676
-
\??\c:\nnbhhn.exec:\nnbhhn.exe109⤵PID:1300
-
\??\c:\vpdvj.exec:\vpdvj.exe110⤵PID:2708
-
\??\c:\ntnthn.exec:\ntnthn.exe111⤵PID:2928
-
\??\c:\vvpdp.exec:\vvpdp.exe112⤵PID:1712
-
\??\c:\9lfrllx.exec:\9lfrllx.exe113⤵PID:560
-
\??\c:\ppjpd.exec:\ppjpd.exe114⤵PID:1540
-
\??\c:\ffrfrfr.exec:\ffrfrfr.exe115⤵PID:2920
-
\??\c:\nthbnh.exec:\nthbnh.exe116⤵PID:1984
-
\??\c:\fxlrxlx.exec:\fxlrxlx.exe117⤵PID:1648
-
\??\c:\btbnnn.exec:\btbnnn.exe118⤵PID:1312
-
\??\c:\vddpp.exec:\vddpp.exe119⤵PID:632
-
\??\c:\ttnntt.exec:\ttnntt.exe120⤵PID:1760
-
\??\c:\xrrlxfx.exec:\xrrlxfx.exe121⤵PID:2368
-
\??\c:\bthhtn.exec:\bthhtn.exe122⤵PID:1976