Analysis
-
max time kernel
8s -
max time network
9s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240419-en locale:en-us os:windows10-2004-x64 system -
submitted
01-05-2024 00:52
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe
Resource
win7-20240221-en
windows7-x64
6 signatures
150 seconds
Errors
Reason
Machine shutdown
General
-
Target
93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe
-
Size
94KB
-
MD5
70b43b60e16400939b9b137c7cfb09b5
-
SHA1
80b1ebfb7a31e460001e3db91cfc8aa925ff015a
-
SHA256
93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9
-
SHA512
f94af7c94d4b2ba1c5d98445d3b17af7a5b6a7bee28a33f132ba3fb95c89bdd1a8f08baf3c409c6ca494235f775abf137979e54eb104ba767f854b64cac72344
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDInWeNCYGyA2R7JxJAg8dtQ:ymb3NkkiQ3mdBjFIWeFGyAsJAg2Q
Malware Config
Signatures
-
Detect Blackmoon payload 27 IoCs
UPX dump on OEP (original entry point) 27 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe"C:\Users\Admin\AppData\Local\Temp\93487076b45f16fa3ddaa2a81793b0c1d85bcacb7a0d3b70d55555e7fba466f9.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1536 -
\??\c:\5hnntt.exec:\5hnntt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920 -
\??\c:\thnhhh.exec:\thnhhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5064 -
\??\c:\9ddvj.exec:\9ddvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4280 -
\??\c:\fxxrrxr.exec:\fxxrrxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3288 -
\??\c:\ttttnn.exec:\ttttnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4996 -
\??\c:\nbhbnn.exec:\nbhbnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4632 -
\??\c:\ppddj.exec:\ppddj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2476 -
\??\c:\vdddp.exec:\vdddp.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1356 -
\??\c:\fxlflff.exec:\fxlflff.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\3hbtnn.exec:\3hbtnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1324 -
\??\c:\jvvdp.exec:\jvvdp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:220 -
\??\c:\rlllfrr.exec:\rlllfrr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4684 -
\??\c:\lfrlffx.exec:\lfrlffx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3336 -
\??\c:\bbbtbb.exec:\bbbtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4004 -
\??\c:\dpddp.exec:\dpddp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3324 -
\??\c:\fflxflx.exec:\fflxflx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3356 -
\??\c:\bhbttt.exec:\bhbttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5028 -
\??\c:\jpddp.exec:\jpddp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\xffxlll.exec:\xffxlll.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4048 -
\??\c:\1xffrrl.exec:\1xffrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4460 -
\??\c:\tttntt.exec:\tttntt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\dvddv.exec:\dvddv.exe23⤵
- Executes dropped EXE
PID:4160 -
\??\c:\lfrlfxx.exec:\lfrlfxx.exe24⤵
- Executes dropped EXE
PID:436 -
\??\c:\xrxxrrl.exec:\xrxxrrl.exe25⤵
- Executes dropped EXE
PID:2064 -
\??\c:\nhthhn.exec:\nhthhn.exe26⤵
- Executes dropped EXE
PID:3468 -
\??\c:\vjvpj.exec:\vjvpj.exe27⤵
- Executes dropped EXE
PID:872 -
\??\c:\vjpdv.exec:\vjpdv.exe28⤵
- Executes dropped EXE
PID:4336 -
\??\c:\xlllxxr.exec:\xlllxxr.exe29⤵
- Executes dropped EXE
PID:1404 -
\??\c:\3nnhhh.exec:\3nnhhh.exe30⤵
- Executes dropped EXE
PID:772 -
\??\c:\nnnhbb.exec:\nnnhbb.exe31⤵
- Executes dropped EXE
PID:536 -
\??\c:\vpjdv.exec:\vpjdv.exe32⤵
- Executes dropped EXE
PID:3924 -
\??\c:\rrfxxlf.exec:\rrfxxlf.exe33⤵
- Executes dropped EXE
PID:4576 -
\??\c:\thbbnn.exec:\thbbnn.exe34⤵
- Executes dropped EXE
PID:4820 -
\??\c:\pvpdp.exec:\pvpdp.exe35⤵
- Executes dropped EXE
PID:4936 -
\??\c:\9vdvj.exec:\9vdvj.exe36⤵
- Executes dropped EXE
PID:4400 -
\??\c:\lfxxrrr.exec:\lfxxrrr.exe37⤵
- Executes dropped EXE
PID:2800 -
\??\c:\httnhh.exec:\httnhh.exe38⤵
- Executes dropped EXE
PID:4864 -
\??\c:\nhbtnh.exec:\nhbtnh.exe39⤵
- Executes dropped EXE
PID:3004 -
\??\c:\vvpjv.exec:\vvpjv.exe40⤵
- Executes dropped EXE
PID:4220 -
\??\c:\jdvpv.exec:\jdvpv.exe41⤵
- Executes dropped EXE
PID:5044 -
\??\c:\ffffrlx.exec:\ffffrlx.exe42⤵
- Executes dropped EXE
PID:4996 -
\??\c:\xlllffx.exec:\xlllffx.exe43⤵
- Executes dropped EXE
PID:3604 -
\??\c:\thhhhh.exec:\thhhhh.exe44⤵
- Executes dropped EXE
PID:1164 -
\??\c:\bbhbtb.exec:\bbhbtb.exe45⤵
- Executes dropped EXE
PID:2024 -
\??\c:\ddvvj.exec:\ddvvj.exe46⤵
- Executes dropped EXE
PID:2508 -
\??\c:\jddpj.exec:\jddpj.exe47⤵
- Executes dropped EXE
PID:4120 -
\??\c:\jvpjd.exec:\jvpjd.exe48⤵
- Executes dropped EXE
PID:4832 -
\??\c:\1xfxlll.exec:\1xfxlll.exe49⤵
- Executes dropped EXE
PID:1324 -
\??\c:\nhtnhn.exec:\nhtnhn.exe50⤵
- Executes dropped EXE
PID:1392 -
\??\c:\btbbbb.exec:\btbbbb.exe51⤵
- Executes dropped EXE
PID:2384 -
\??\c:\7pvpd.exec:\7pvpd.exe52⤵
- Executes dropped EXE
PID:5016 -
\??\c:\xxrlfrl.exec:\xxrlfrl.exe53⤵
- Executes dropped EXE
PID:904 -
\??\c:\5pdvp.exec:\5pdvp.exe54⤵
- Executes dropped EXE
PID:848 -
\??\c:\rxllxff.exec:\rxllxff.exe55⤵
- Executes dropped EXE
PID:4416 -
\??\c:\tnnnbb.exec:\tnnnbb.exe56⤵
- Executes dropped EXE
PID:3324 -
\??\c:\pvdjd.exec:\pvdjd.exe57⤵
- Executes dropped EXE
PID:4508 -
\??\c:\rflfxxx.exec:\rflfxxx.exe58⤵
- Executes dropped EXE
PID:4740 -
\??\c:\pdjjd.exec:\pdjjd.exe59⤵
- Executes dropped EXE
PID:3440 -
\??\c:\vvdvj.exec:\vvdvj.exe60⤵
- Executes dropped EXE
PID:368 -
\??\c:\xrffrxr.exec:\xrffrxr.exe61⤵
- Executes dropped EXE
PID:4048 -
\??\c:\nbbnhh.exec:\nbbnhh.exe62⤵
- Executes dropped EXE
PID:3456 -
\??\c:\9ppjv.exec:\9ppjv.exe63⤵
- Executes dropped EXE
PID:608 -
\??\c:\llxrffx.exec:\llxrffx.exe64⤵
- Executes dropped EXE
PID:3360 -
\??\c:\xrxxxxr.exec:\xrxxxxr.exe65⤵
- Executes dropped EXE
PID:3224 -
\??\c:\tbnnnn.exec:\tbnnnn.exe66⤵PID:4924
-
\??\c:\1vvpj.exec:\1vvpj.exe67⤵PID:2424
-
\??\c:\xxxxrrl.exec:\xxxxrrl.exe68⤵PID:3180
-
\??\c:\xlxxrrx.exec:\xlxxrrx.exe69⤵PID:4480
-
\??\c:\hbbhht.exec:\hbbhht.exe70⤵PID:2796
-
\??\c:\djppj.exec:\djppj.exe71⤵PID:4336
-
\??\c:\fxxxxxf.exec:\fxxxxxf.exe72⤵PID:2348
-
\??\c:\hhhbnn.exec:\hhhbnn.exe73⤵PID:4644
-
\??\c:\nhtnhb.exec:\nhtnhb.exe74⤵PID:1072
-
\??\c:\jdjjj.exec:\jdjjj.exe75⤵PID:4232
-
\??\c:\rxfflrl.exec:\rxfflrl.exe76⤵PID:3924
-
\??\c:\rrxrfff.exec:\rrxrfff.exe77⤵PID:2784
-
\??\c:\bntnnt.exec:\bntnnt.exe78⤵PID:1504
-
\??\c:\btbtnh.exec:\btbtnh.exe79⤵PID:4976
-
\??\c:\pvjdp.exec:\pvjdp.exe80⤵PID:4820
-
\??\c:\rxrfrlf.exec:\rxrfrlf.exe81⤵PID:4988
-
\??\c:\flfxrlr.exec:\flfxrlr.exe82⤵PID:1232
-
\??\c:\nbthbt.exec:\nbthbt.exe83⤵PID:2272
-
\??\c:\bnnbnh.exec:\bnnbnh.exe84⤵PID:3728
-
\??\c:\djjvp.exec:\djjvp.exe85⤵PID:1660
-
\??\c:\jdvpd.exec:\jdvpd.exe86⤵PID:2060
-
\??\c:\7rrlrrl.exec:\7rrlrrl.exe87⤵PID:3628
-
\??\c:\frrflfx.exec:\frrflfx.exe88⤵PID:748
-
\??\c:\hbthbt.exec:\hbthbt.exe89⤵PID:3604
-
\??\c:\hnhbnn.exec:\hnhbnn.exe90⤵PID:2388
-
\??\c:\7ppjd.exec:\7ppjd.exe91⤵PID:652
-
\??\c:\3jjdp.exec:\3jjdp.exe92⤵PID:2496
-
\??\c:\5llrllf.exec:\5llrllf.exe93⤵PID:4464
-
\??\c:\tntnnn.exec:\tntnnn.exe94⤵PID:4664
-
\??\c:\7bhbnn.exec:\7bhbnn.exe95⤵PID:4624
-
\??\c:\5vjdp.exec:\5vjdp.exe96⤵PID:3752
-
\??\c:\xxfrlfx.exec:\xxfrlfx.exe97⤵PID:1684
-
\??\c:\fllfrlf.exec:\fllfrlf.exe98⤵PID:972
-
\??\c:\tbhbtn.exec:\tbhbtn.exe99⤵PID:4448
-
\??\c:\vvvpp.exec:\vvvpp.exe100⤵PID:2300
-
\??\c:\vvpjd.exec:\vvpjd.exe101⤵PID:1088
-
\??\c:\fxrxllr.exec:\fxrxllr.exe102⤵PID:1288
-
\??\c:\3llfxxr.exec:\3llfxxr.exe103⤵PID:4068
-
\??\c:\bnbbtn.exec:\bnbbtn.exe104⤵PID:5028
-
\??\c:\bttnbb.exec:\bttnbb.exe105⤵PID:636
-
\??\c:\5djvj.exec:\5djvj.exe106⤵PID:2552
-
\??\c:\rrxxffr.exec:\rrxxffr.exe107⤵PID:1264
-
\??\c:\frrlfxr.exec:\frrlfxr.exe108⤵PID:3828
-
\??\c:\nnnhhh.exec:\nnnhhh.exe109⤵PID:3104
-
\??\c:\ttbthb.exec:\ttbthb.exe110⤵PID:4368
-
\??\c:\vdvpd.exec:\vdvpd.exe111⤵PID:3620
-
\??\c:\dpdjj.exec:\dpdjj.exe112⤵PID:880
-
\??\c:\5lxrffl.exec:\5lxrffl.exe113⤵PID:680
-
\??\c:\7nttbb.exec:\7nttbb.exe114⤵PID:4032
-
\??\c:\btbttn.exec:\btbttn.exe115⤵PID:4776
-
\??\c:\pjjdd.exec:\pjjdd.exe116⤵PID:3328
-
\??\c:\jddvp.exec:\jddvp.exe117⤵PID:4336
-
\??\c:\lxxlxxl.exec:\lxxlxxl.exe118⤵PID:2348
-
\??\c:\xflrlff.exec:\xflrlff.exe119⤵PID:3720
-
\??\c:\nbhhhh.exec:\nbhhhh.exe120⤵PID:1072
-
\??\c:\pvdvp.exec:\pvdvp.exe121⤵PID:4232
-
\??\c:\jjdvj.exec:\jjdvj.exe122⤵PID:3236