Analysis
-
max time kernel
150s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20240412-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240412-en locale:en-us os:windows10-2004-x64 system -
submitted
20/04/2024, 05:16
Behavioral task
behavioral1
Sample
feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe
Resource
win7-20231129-en
6 signatures
150 seconds
General
-
Target
feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe
-
Size
59KB
-
MD5
b16b86579ba477d65df1d330aef7a460
-
SHA1
82604b6d2c103b24e03c89a8da18a06ae4762caf
-
SHA256
feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5
-
SHA512
48e2dd95c8da496be49d9d62f9385ecdea70b343eb74d31fbad2e9e9dec1cf6e3b1214e47a00c63107d56b197db1f171fb1f7aa3df18678731f59623eea06001
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+IJ9OJc3GkV:zhOmTsF93UYfwC6GIoutiTmm+xV
Malware Config
Signatures
-
Detect Blackmoon payload 51 IoCs
resource yara_rule behavioral2/memory/1408-4-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1628-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2932-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3868-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1444-27-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2380-24-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2936-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4236-35-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1340-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2028-49-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1256-53-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4164-61-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1944-63-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3164-68-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2596-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3028-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4640-93-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3256-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3404-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3644-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1724-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1328-129-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4852-132-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/384-142-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1548-148-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3524-158-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1112-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3316-168-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3600-171-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/972-173-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1372-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4516-180-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2820-183-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3904-199-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2300-203-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/448-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1448-210-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5000-216-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3552-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/400-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4828-230-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1516-236-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2976-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4980-251-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1736-263-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3964-266-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3608-267-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4832-285-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2404-299-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3460-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2380-339-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 64 IoCs
resource yara_rule behavioral2/memory/1408-0-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1408-4-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000300000001e97a-3.dat UPX behavioral2/files/0x0006000000023270-9.dat UPX behavioral2/memory/1628-7-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002341e-11.dat UPX behavioral2/files/0x000700000002341f-19.dat UPX behavioral2/memory/2932-17-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3868-14-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023420-23.dat UPX behavioral2/memory/1444-27-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2380-24-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023421-29.dat UPX behavioral2/memory/4236-31-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023422-34.dat UPX behavioral2/memory/2936-38-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023423-40.dat UPX behavioral2/memory/4236-35-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023424-44.dat UPX behavioral2/memory/1340-46-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/2028-49-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023425-50.dat UPX behavioral2/memory/1256-53-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023426-55.dat UPX behavioral2/files/0x0007000000023427-59.dat UPX behavioral2/memory/4164-61-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1944-63-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023428-65.dat UPX behavioral2/memory/3164-68-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023429-70.dat UPX 
behavioral2/files/0x000700000002342a-74.dat UPX behavioral2/files/0x000700000002342b-78.dat UPX behavioral2/memory/2596-80-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342c-84.dat UPX behavioral2/memory/3028-82-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342d-89.dat UPX behavioral2/memory/4640-93-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342f-99.dat UPX behavioral2/memory/3256-97-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002342e-95.dat UPX behavioral2/memory/3404-90-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3644-102-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023430-104.dat UPX behavioral2/files/0x0007000000023431-108.dat UPX behavioral2/files/0x0007000000023432-112.dat UPX behavioral2/files/0x0007000000023433-116.dat UPX behavioral2/memory/1724-117-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023434-121.dat UPX behavioral2/files/0x0007000000023435-126.dat UPX behavioral2/memory/4852-127-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/1328-129-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/4852-132-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000800000002341b-131.dat UPX behavioral2/files/0x0007000000023436-136.dat UPX behavioral2/files/0x0007000000023437-140.dat UPX behavioral2/memory/384-142-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023438-145.dat UPX behavioral2/memory/1548-148-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x0007000000023439-150.dat UPX behavioral2/memory/3524-152-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/files/0x000700000002343a-155.dat UPX behavioral2/memory/3524-158-0x0000000000400000-0x0000000000427000-memory.dmp 
UPX behavioral2/memory/1112-160-0x0000000000400000-0x0000000000427000-memory.dmp UPX behavioral2/memory/3316-165-0x0000000000400000-0x0000000000427000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 1628 48666.exe 3868 jddvj.exe 2932 2622004.exe 2380 ddddd.exe 1444 40664.exe 4236 686044.exe 2936 pjjjd.exe 1340 nbbtnn.exe 2028 vjvpj.exe 1256 8460448.exe 4164 xrrlfff.exe 1944 i660000.exe 3164 280488.exe 4228 hthbbb.exe 2596 6220004.exe 3028 xrllllr.exe 3404 dvddd.exe 4640 006044.exe 3256 82204.exe 3644 0848660.exe 2064 pdddd.exe 4160 hbhbhh.exe 1724 40486.exe 376 m4600.exe 1328 82860.exe 4852 rrllrxf.exe 3076 4260824.exe 384 3djvp.exe 412 408826.exe 1548 xlflxlr.exe 3524 bttnhh.exe 1112 8600246.exe 2296 vvvvv.exe 2708 tnhbtt.exe 3316 224860.exe 3600 2680460.exe 972 4642464.exe 1372 q84482.exe 4516 k42004.exe 2820 bththt.exe 364 88042.exe 4500 g0660.exe 4768 02668.exe 4340 k82084.exe 1536 606042.exe 1832 c848604.exe 3904 24480.exe 2300 tnbbhh.exe 448 42666.exe 1448 264426.exe 2592 044862.exe 5000 dpvpj.exe 1872 nnbhbt.exe 3544 406600.exe 1108 xffrlfx.exe 3552 frrfrrl.exe 3248 m6262.exe 4828 rlxrxrf.exe 400 fllxrlx.exe 1516 w06600.exe 2976 6060084.exe 3412 tnnthh.exe 4424 jpjpj.exe 4352 5vvpp.exe -
resource yara_rule behavioral2/memory/1408-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1408-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000300000001e97a-3.dat upx behavioral2/files/0x0006000000023270-9.dat upx behavioral2/memory/1628-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341e-11.dat upx behavioral2/files/0x000700000002341f-19.dat upx behavioral2/memory/2932-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3868-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023420-23.dat upx behavioral2/memory/1444-27-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2380-24-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023421-29.dat upx behavioral2/memory/4236-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023422-34.dat upx behavioral2/memory/2936-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023423-40.dat upx behavioral2/memory/4236-35-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023424-44.dat upx behavioral2/memory/1340-46-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2028-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023425-50.dat upx behavioral2/memory/1256-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023426-55.dat upx behavioral2/files/0x0007000000023427-59.dat upx behavioral2/memory/4164-61-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1944-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023428-65.dat upx behavioral2/memory/3164-68-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023429-70.dat upx 
behavioral2/files/0x000700000002342a-74.dat upx behavioral2/files/0x000700000002342b-78.dat upx behavioral2/memory/2596-80-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342c-84.dat upx behavioral2/memory/3028-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342d-89.dat upx behavioral2/memory/4640-93-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342f-99.dat upx behavioral2/memory/3256-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-95.dat upx behavioral2/memory/3404-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3644-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-104.dat upx behavioral2/files/0x0007000000023431-108.dat upx behavioral2/files/0x0007000000023432-112.dat upx behavioral2/files/0x0007000000023433-116.dat upx behavioral2/memory/1724-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-121.dat upx behavioral2/files/0x0007000000023435-126.dat upx behavioral2/memory/4852-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1328-129-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4852-132-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002341b-131.dat upx behavioral2/files/0x0007000000023436-136.dat upx behavioral2/files/0x0007000000023437-140.dat upx behavioral2/memory/384-142-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023438-145.dat upx behavioral2/memory/1548-148-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023439-150.dat upx behavioral2/memory/3524-152-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-155.dat upx behavioral2/memory/3524-158-0x0000000000400000-0x0000000000427000-memory.dmp 
upx behavioral2/memory/1112-160-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3316-165-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1408 wrote to memory of 1628 1408 feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe 85 PID 1408 wrote to memory of 1628 1408 feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe 85 PID 1408 wrote to memory of 1628 1408 feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe 85 PID 1628 wrote to memory of 3868 1628 48666.exe 86 PID 1628 wrote to memory of 3868 1628 48666.exe 86 PID 1628 wrote to memory of 3868 1628 48666.exe 86 PID 3868 wrote to memory of 2932 3868 jddvj.exe 87 PID 3868 wrote to memory of 2932 3868 jddvj.exe 87 PID 3868 wrote to memory of 2932 3868 jddvj.exe 87 PID 2932 wrote to memory of 2380 2932 2622004.exe 88 PID 2932 wrote to memory of 2380 2932 2622004.exe 88 PID 2932 wrote to memory of 2380 2932 2622004.exe 88 PID 2380 wrote to memory of 1444 2380 ddddd.exe 89 PID 2380 wrote to memory of 1444 2380 ddddd.exe 89 PID 2380 wrote to memory of 1444 2380 ddddd.exe 89 PID 1444 wrote to memory of 4236 1444 40664.exe 90 PID 1444 wrote to memory of 4236 1444 40664.exe 90 PID 1444 wrote to memory of 4236 1444 40664.exe 90 PID 4236 wrote to memory of 2936 4236 686044.exe 91 PID 4236 wrote to memory of 2936 4236 686044.exe 91 PID 4236 wrote to memory of 2936 4236 686044.exe 91 PID 2936 wrote to memory of 1340 2936 pjjjd.exe 92 PID 2936 wrote to memory of 1340 2936 pjjjd.exe 92 PID 2936 wrote to memory of 1340 2936 pjjjd.exe 92 PID 1340 wrote to memory of 2028 1340 nbbtnn.exe 93 PID 1340 wrote to memory of 2028 1340 nbbtnn.exe 93 PID 1340 wrote to memory of 2028 1340 nbbtnn.exe 93 PID 2028 wrote to memory of 1256 2028 vjvpj.exe 94 PID 2028 wrote to memory of 1256 2028 vjvpj.exe 94 PID 2028 wrote to memory of 1256 2028 vjvpj.exe 94 PID 1256 wrote to memory of 4164 1256 8460448.exe 95 PID 1256 wrote to memory of 4164 1256 8460448.exe 95 PID 1256 wrote to memory of 4164 1256 8460448.exe 95 PID 4164 wrote to memory of 1944 4164 xrrlfff.exe 96 PID 4164 wrote to memory of 
1944 4164 xrrlfff.exe 96 PID 4164 wrote to memory of 1944 4164 xrrlfff.exe 96 PID 1944 wrote to memory of 3164 1944 i660000.exe 97 PID 1944 wrote to memory of 3164 1944 i660000.exe 97 PID 1944 wrote to memory of 3164 1944 i660000.exe 97 PID 3164 wrote to memory of 4228 3164 280488.exe 98 PID 3164 wrote to memory of 4228 3164 280488.exe 98 PID 3164 wrote to memory of 4228 3164 280488.exe 98 PID 4228 wrote to memory of 2596 4228 hthbbb.exe 99 PID 4228 wrote to memory of 2596 4228 hthbbb.exe 99 PID 4228 wrote to memory of 2596 4228 hthbbb.exe 99 PID 2596 wrote to memory of 3028 2596 6220004.exe 100 PID 2596 wrote to memory of 3028 2596 6220004.exe 100 PID 2596 wrote to memory of 3028 2596 6220004.exe 100 PID 3028 wrote to memory of 3404 3028 xrllllr.exe 101 PID 3028 wrote to memory of 3404 3028 xrllllr.exe 101 PID 3028 wrote to memory of 3404 3028 xrllllr.exe 101 PID 3404 wrote to memory of 4640 3404 dvddd.exe 102 PID 3404 wrote to memory of 4640 3404 dvddd.exe 102 PID 3404 wrote to memory of 4640 3404 dvddd.exe 102 PID 4640 wrote to memory of 3256 4640 006044.exe 156 PID 4640 wrote to memory of 3256 4640 006044.exe 156 PID 4640 wrote to memory of 3256 4640 006044.exe 156 PID 3256 wrote to memory of 3644 3256 82204.exe 104 PID 3256 wrote to memory of 3644 3256 82204.exe 104 PID 3256 wrote to memory of 3644 3256 82204.exe 104 PID 3644 wrote to memory of 2064 3644 0848660.exe 105 PID 3644 wrote to memory of 2064 3644 0848660.exe 105 PID 3644 wrote to memory of 2064 3644 0848660.exe 105 PID 2064 wrote to memory of 4160 2064 pdddd.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe"C:\Users\Admin\AppData\Local\Temp\feda4bec689ec6187b5768d2e5717be62896028b9066aabdf798f8e2f49cb2b5.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1408 -
\??\c:\48666.exec:\48666.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1628 -
\??\c:\jddvj.exec:\jddvj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3868 -
\??\c:\2622004.exec:\2622004.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\ddddd.exec:\ddddd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\40664.exec:\40664.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1444 -
\??\c:\686044.exec:\686044.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4236 -
\??\c:\pjjjd.exec:\pjjjd.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2936 -
\??\c:\nbbtnn.exec:\nbbtnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1340 -
\??\c:\vjvpj.exec:\vjvpj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\8460448.exec:\8460448.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1256 -
\??\c:\xrrlfff.exec:\xrrlfff.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4164 -
\??\c:\i660000.exec:\i660000.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1944 -
\??\c:\280488.exec:\280488.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3164 -
\??\c:\hthbbb.exec:\hthbbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4228 -
\??\c:\6220004.exec:\6220004.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2596 -
\??\c:\xrllllr.exec:\xrllllr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\dvddd.exec:\dvddd.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3404 -
\??\c:\006044.exec:\006044.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4640 -
\??\c:\82204.exec:\82204.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3256 -
\??\c:\0848660.exec:\0848660.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3644 -
\??\c:\pdddd.exec:\pdddd.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2064 -
\??\c:\hbhbhh.exec:\hbhbhh.exe23⤵
- Executes dropped EXE
PID:4160 -
\??\c:\40486.exec:\40486.exe24⤵
- Executes dropped EXE
PID:1724 -
\??\c:\m4600.exec:\m4600.exe25⤵
- Executes dropped EXE
PID:376 -
\??\c:\82860.exec:\82860.exe26⤵
- Executes dropped EXE
PID:1328 -
\??\c:\rrllrxf.exec:\rrllrxf.exe27⤵
- Executes dropped EXE
PID:4852 -
\??\c:\4260824.exec:\4260824.exe28⤵
- Executes dropped EXE
PID:3076 -
\??\c:\3djvp.exec:\3djvp.exe29⤵
- Executes dropped EXE
PID:384 -
\??\c:\408826.exec:\408826.exe30⤵
- Executes dropped EXE
PID:412 -
\??\c:\xlflxlr.exec:\xlflxlr.exe31⤵
- Executes dropped EXE
PID:1548 -
\??\c:\bttnhh.exec:\bttnhh.exe32⤵
- Executes dropped EXE
PID:3524 -
\??\c:\8600246.exec:\8600246.exe33⤵
- Executes dropped EXE
PID:1112 -
\??\c:\vvvvv.exec:\vvvvv.exe34⤵
- Executes dropped EXE
PID:2296 -
\??\c:\tnhbtt.exec:\tnhbtt.exe35⤵
- Executes dropped EXE
PID:2708 -
\??\c:\224860.exec:\224860.exe36⤵
- Executes dropped EXE
PID:3316 -
\??\c:\2680460.exec:\2680460.exe37⤵
- Executes dropped EXE
PID:3600 -
\??\c:\4642464.exec:\4642464.exe38⤵
- Executes dropped EXE
PID:972 -
\??\c:\q84482.exec:\q84482.exe39⤵
- Executes dropped EXE
PID:1372 -
\??\c:\k42004.exec:\k42004.exe40⤵
- Executes dropped EXE
PID:4516 -
\??\c:\bththt.exec:\bththt.exe41⤵
- Executes dropped EXE
PID:2820 -
\??\c:\88042.exec:\88042.exe42⤵
- Executes dropped EXE
PID:364 -
\??\c:\g0660.exec:\g0660.exe43⤵
- Executes dropped EXE
PID:4500 -
\??\c:\02668.exec:\02668.exe44⤵
- Executes dropped EXE
PID:4768 -
\??\c:\k82084.exec:\k82084.exe45⤵
- Executes dropped EXE
PID:4340 -
\??\c:\606042.exec:\606042.exe46⤵
- Executes dropped EXE
PID:1536 -
\??\c:\c848604.exec:\c848604.exe47⤵
- Executes dropped EXE
PID:1832 -
\??\c:\24480.exec:\24480.exe48⤵
- Executes dropped EXE
PID:3904 -
\??\c:\tnbbhh.exec:\tnbbhh.exe49⤵
- Executes dropped EXE
PID:2300 -
\??\c:\42666.exec:\42666.exe50⤵
- Executes dropped EXE
PID:448 -
\??\c:\264426.exec:\264426.exe51⤵
- Executes dropped EXE
PID:1448 -
\??\c:\044862.exec:\044862.exe52⤵
- Executes dropped EXE
PID:2592 -
\??\c:\dpvpj.exec:\dpvpj.exe53⤵
- Executes dropped EXE
PID:5000 -
\??\c:\nnbhbt.exec:\nnbhbt.exe54⤵
- Executes dropped EXE
PID:1872 -
\??\c:\406600.exec:\406600.exe55⤵
- Executes dropped EXE
PID:3544 -
\??\c:\xffrlfx.exec:\xffrlfx.exe56⤵
- Executes dropped EXE
PID:1108 -
\??\c:\frrfrrl.exec:\frrfrrl.exe57⤵
- Executes dropped EXE
PID:3552 -
\??\c:\m6262.exec:\m6262.exe58⤵
- Executes dropped EXE
PID:3248 -
\??\c:\rlxrxrf.exec:\rlxrxrf.exe59⤵
- Executes dropped EXE
PID:4828 -
\??\c:\fllxrlx.exec:\fllxrlx.exe60⤵
- Executes dropped EXE
PID:400 -
\??\c:\w06600.exec:\w06600.exe61⤵
- Executes dropped EXE
PID:1516 -
\??\c:\6060084.exec:\6060084.exe62⤵
- Executes dropped EXE
PID:2976 -
\??\c:\tnnthh.exec:\tnnthh.exe63⤵
- Executes dropped EXE
PID:3412 -
\??\c:\jpjpj.exec:\jpjpj.exe64⤵
- Executes dropped EXE
PID:4424 -
\??\c:\5vvpp.exec:\5vvpp.exe65⤵
- Executes dropped EXE
PID:4352 -
\??\c:\flrlrrr.exec:\flrlrrr.exe66⤵PID:3948
-
\??\c:\llrfxlf.exec:\llrfxlf.exe67⤵PID:784
-
\??\c:\pjpvd.exec:\pjpvd.exe68⤵PID:4980
-
\??\c:\xrflrrx.exec:\xrflrrx.exe69⤵PID:3928
-
\??\c:\86882.exec:\86882.exe70⤵PID:3256
-
\??\c:\htbbbt.exec:\htbbbt.exe71⤵PID:2160
-
\??\c:\42604.exec:\42604.exe72⤵PID:3604
-
\??\c:\4806828.exec:\4806828.exe73⤵PID:1736
-
\??\c:\jdvpp.exec:\jdvpp.exe74⤵PID:3964
-
\??\c:\7pjdv.exec:\7pjdv.exe75⤵PID:3608
-
\??\c:\2004404.exec:\2004404.exe76⤵PID:2184
-
\??\c:\dvdvp.exec:\dvdvp.exe77⤵PID:4328
-
\??\c:\08264.exec:\08264.exe78⤵PID:2636
-
\??\c:\hbtntt.exec:\hbtntt.exe79⤵PID:3516
-
\??\c:\ffxlfxr.exec:\ffxlfxr.exe80⤵PID:4608
-
\??\c:\pjvpj.exec:\pjvpj.exe81⤵PID:4872
-
\??\c:\7dvjp.exec:\7dvjp.exe82⤵PID:4832
-
\??\c:\822648.exec:\822648.exe83⤵PID:3476
-
\??\c:\1tnhbt.exec:\1tnhbt.exe84⤵PID:1548
-
\??\c:\xfllxxf.exec:\xfllxxf.exe85⤵PID:1928
-
\??\c:\82688.exec:\82688.exe86⤵PID:4512
-
\??\c:\288024.exec:\288024.exe87⤵PID:680
-
\??\c:\8620684.exec:\8620684.exe88⤵PID:2404
-
\??\c:\djvdd.exec:\djvdd.exe89⤵PID:4444
-
\??\c:\tnnhhh.exec:\tnnhhh.exe90⤵PID:3460
-
\??\c:\5djdv.exec:\5djdv.exe91⤵PID:3600
-
\??\c:\484860.exec:\484860.exe92⤵PID:972
-
\??\c:\rxfllxl.exec:\rxfllxl.exe93⤵PID:1648
-
\??\c:\0804642.exec:\0804642.exe94⤵PID:4516
-
\??\c:\dvvpj.exec:\dvvpj.exe95⤵PID:4088
-
\??\c:\dvjdp.exec:\dvjdp.exe96⤵PID:2732
-
\??\c:\46280.exec:\46280.exe97⤵PID:3064
-
\??\c:\nbhbhb.exec:\nbhbhb.exe98⤵PID:3816
-
\??\c:\tthbtb.exec:\tthbtb.exe99⤵PID:3024
-
\??\c:\rxxlxrl.exec:\rxxlxrl.exe100⤵PID:1984
-
\??\c:\vppjv.exec:\vppjv.exe101⤵PID:4656
-
\??\c:\fffrlfx.exec:\fffrlfx.exe102⤵PID:2084
-
\??\c:\3nnnnt.exec:\3nnnnt.exe103⤵PID:1628
-
\??\c:\8802462.exec:\8802462.exe104⤵PID:3052
-
\??\c:\xllxfrf.exec:\xllxfrf.exe105⤵PID:3280
-
\??\c:\82688.exec:\82688.exe106⤵PID:752
-
\??\c:\42608.exec:\42608.exe107⤵PID:2380
-
\??\c:\4640468.exec:\4640468.exe108⤵PID:3556
-
\??\c:\vjpdv.exec:\vjpdv.exe109⤵PID:2284
-
\??\c:\xrlrfxf.exec:\xrlrfxf.exe110⤵PID:4144
-
\??\c:\lrflffx.exec:\lrflffx.exe111⤵PID:1744
-
\??\c:\pjdpp.exec:\pjdpp.exe112⤵PID:2400
-
\??\c:\82006.exec:\82006.exe113⤵PID:1588
-
\??\c:\000466.exec:\000466.exe114⤵PID:2120
-
\??\c:\60660.exec:\60660.exe115⤵PID:4148
-
\??\c:\nttnhb.exec:\nttnhb.exe116⤵PID:400
-
\??\c:\lffxrll.exec:\lffxrll.exe117⤵PID:2660
-
\??\c:\82444.exec:\82444.exe118⤵PID:2288
-
\??\c:\66208.exec:\66208.exe119⤵PID:3412
-
\??\c:\vpvpp.exec:\vpvpp.exe120⤵PID:2780
-
\??\c:\vvpdp.exec:\vvpdp.exe121⤵PID:4636
-
\??\c:\k40822.exec:\k40822.exe122⤵PID:1392
-