984328a414d599a273176939ab8022dcbab814b929dc9d9ff1b77d939014d652

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15/05/2024, 11:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe
Size

39KB
MD5

45f139e8bbb689b188d17e55d0dca22f
SHA1

322af0a74e4d750170a4aca067446df69d186a78
SHA256

984328a414d599a273176939ab8022dcbab814b929dc9d9ff1b77d939014d652
SHA512

44ae713b1803251bc8bb7965e0785301bbd76b80b5b65f0b8e9df16bf0f1c2ea07efe1c51a10a33d8647ab0c1d6854d44e268cf7b8292806cb9414b60bf1c96b
SSDEEP

768:KOxZOgIryM1P3oO2y8UN2ivcTTJlu71TFA9nn0OjDDdmo/SK2OURvXZX38mZUaFy:nSgy19JSVO1ONn511/tivXZnVGas

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

pid	Process
2192	hvlbb.exe
2864	nbjxfpb.exe
2996	xrtxp.exe
2608	nthjlr.exe
2292	fxfxhn.exe
2636	rhhdjd.exe
2740	vdjnpb.exe
2532	rhjprb.exe
2376	jdvdl.exe
2868	pxhrvt.exe
1652	fjddrxr.exe
1396	lnbbr.exe
1188	tbvtxp.exe
1916	prhrt.exe
2588	vtfbrpf.exe
2540	tdjhp.exe
2040	bvbfx.exe
1636	bbhdf.exe
1800	nrdtb.exe
2032	lpxprtb.exe
1128	pvxxx.exe
2352	bhxhhbd.exe
2908	trrprdn.exe
800	bvjthdb.exe
324	lfhpxn.exe
1708	hjpjxrp.exe
2812	lrjlt.exe
2280	nrphvb.exe
2156	pppddp.exe
2196	pblxfxh.exe
632	bdhxp.exe
1552	fhdntp.exe
1616	fvnfv.exe
1544	xndlhr.exe
2284	nlvth.exe
1992	vrtlrl.exe
2556	hrbbtr.exe
2916	bnblb.exe
1684	thbnd.exe
1772	tjlfd.exe
1728	tvfnr.exe
1704	brxhd.exe
2888	pfvbt.exe
2680	hvvrd.exe
3032	rbhnnb.exe
2492	dptnrrn.exe
2668	jdvjxpl.exe
2524	nltlh.exe
2604	bblbnr.exe
2592	lvrftlt.exe
2684	ddnbdf.exe
2232	hnhlhl.exe
2368	dnjprlp.exe
1964	xbrfjhv.exe
1696	ddnlj.exe
1592	plnvhxh.exe
548	ptxbphn.exe
1384	vpbjd.exe
884	jxrttl.exe
880	hnllf.exe
1200	hjfjxrd.exe
2584	pbdflx.exe
2596	frttx.exe
2540	hrhhxhn.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2888 wrote to memory of 2192	2888	45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe	28
PID 2888 wrote to memory of 2192	2888	45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe	28
PID 2888 wrote to memory of 2192	2888	45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe	28
PID 2888 wrote to memory of 2192	2888	45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe	28
PID 2192 wrote to memory of 2864	2192	hvlbb.exe	29
PID 2192 wrote to memory of 2864	2192	hvlbb.exe	29
PID 2192 wrote to memory of 2864	2192	hvlbb.exe	29
PID 2192 wrote to memory of 2864	2192	hvlbb.exe	29
PID 2864 wrote to memory of 2996	2864	nbjxfpb.exe	30
PID 2864 wrote to memory of 2996	2864	nbjxfpb.exe	30
PID 2864 wrote to memory of 2996	2864	nbjxfpb.exe	30
PID 2864 wrote to memory of 2996	2864	nbjxfpb.exe	30
PID 2996 wrote to memory of 2608	2996	xrtxp.exe	31
PID 2996 wrote to memory of 2608	2996	xrtxp.exe	31
PID 2996 wrote to memory of 2608	2996	xrtxp.exe	31
PID 2996 wrote to memory of 2608	2996	xrtxp.exe	31
PID 2608 wrote to memory of 2292	2608	nthjlr.exe	32
PID 2608 wrote to memory of 2292	2608	nthjlr.exe	32
PID 2608 wrote to memory of 2292	2608	nthjlr.exe	32
PID 2608 wrote to memory of 2292	2608	nthjlr.exe	32
PID 2292 wrote to memory of 2636	2292	fxfxhn.exe	33
PID 2292 wrote to memory of 2636	2292	fxfxhn.exe	33
PID 2292 wrote to memory of 2636	2292	fxfxhn.exe	33
PID 2292 wrote to memory of 2636	2292	fxfxhn.exe	33
PID 2636 wrote to memory of 2740	2636	rhhdjd.exe	34
PID 2636 wrote to memory of 2740	2636	rhhdjd.exe	34
PID 2636 wrote to memory of 2740	2636	rhhdjd.exe	34
PID 2636 wrote to memory of 2740	2636	rhhdjd.exe	34
PID 2740 wrote to memory of 2532	2740	vdjnpb.exe	35
PID 2740 wrote to memory of 2532	2740	vdjnpb.exe	35
PID 2740 wrote to memory of 2532	2740	vdjnpb.exe	35
PID 2740 wrote to memory of 2532	2740	vdjnpb.exe	35
PID 2532 wrote to memory of 2376	2532	rhjprb.exe	36
PID 2532 wrote to memory of 2376	2532	rhjprb.exe	36
PID 2532 wrote to memory of 2376	2532	rhjprb.exe	36
PID 2532 wrote to memory of 2376	2532	rhjprb.exe	36
PID 2376 wrote to memory of 2868	2376	jdvdl.exe	37
PID 2376 wrote to memory of 2868	2376	jdvdl.exe	37
PID 2376 wrote to memory of 2868	2376	jdvdl.exe	37
PID 2376 wrote to memory of 2868	2376	jdvdl.exe	37
PID 2868 wrote to memory of 1652	2868	pxhrvt.exe	38
PID 2868 wrote to memory of 1652	2868	pxhrvt.exe	38
PID 2868 wrote to memory of 1652	2868	pxhrvt.exe	38
PID 2868 wrote to memory of 1652	2868	pxhrvt.exe	38
PID 1652 wrote to memory of 1396	1652	fjddrxr.exe	39
PID 1652 wrote to memory of 1396	1652	fjddrxr.exe	39
PID 1652 wrote to memory of 1396	1652	fjddrxr.exe	39
PID 1652 wrote to memory of 1396	1652	fjddrxr.exe	39
PID 1396 wrote to memory of 1188	1396	lnbbr.exe	40
PID 1396 wrote to memory of 1188	1396	lnbbr.exe	40
PID 1396 wrote to memory of 1188	1396	lnbbr.exe	40
PID 1396 wrote to memory of 1188	1396	lnbbr.exe	40
PID 1188 wrote to memory of 1916	1188	tbvtxp.exe	41
PID 1188 wrote to memory of 1916	1188	tbvtxp.exe	41
PID 1188 wrote to memory of 1916	1188	tbvtxp.exe	41
PID 1188 wrote to memory of 1916	1188	tbvtxp.exe	41
PID 1916 wrote to memory of 2588	1916	prhrt.exe	42
PID 1916 wrote to memory of 2588	1916	prhrt.exe	42
PID 1916 wrote to memory of 2588	1916	prhrt.exe	42
PID 1916 wrote to memory of 2588	1916	prhrt.exe	42
PID 2588 wrote to memory of 2540	2588	vtfbrpf.exe	43
PID 2588 wrote to memory of 2540	2588	vtfbrpf.exe	43
PID 2588 wrote to memory of 2540	2588	vtfbrpf.exe	43
PID 2588 wrote to memory of 2540	2588	vtfbrpf.exe	43

C:\Users\Admin\AppData\Local\Temp\45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\45f139e8bbb689b188d17e55d0dca22f_JaffaCakes118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2888
- \??\c:\hvlbb.exe
  c:\hvlbb.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2192
- - \??\c:\nbjxfpb.exe
    c:\nbjxfpb.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:2864
  - - \??\c:\xrtxp.exe
      c:\xrtxp.exe
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2996
    - - \??\c:\nthjlr.exe
        
        c:\nthjlr.exe
        5⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - \??\c:\fxfxhn.exe
        
        c:\fxfxhn.exe
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2292
        
        \??\c:\rhhdjd.exe
        
        c:\rhhdjd.exe
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2636
        
        \??\c:\vdjnpb.exe
        
        c:\vdjnpb.exe
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2740
        
        \??\c:\rhjprb.exe
        
        c:\rhjprb.exe
        9⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2532
        
        \??\c:\jdvdl.exe
        
        c:\jdvdl.exe
        10⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2376
        
        \??\c:\pxhrvt.exe
        
        c:\pxhrvt.exe
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2868
        
        \??\c:\fjddrxr.exe
        
        c:\fjddrxr.exe
        12⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        \??\c:\lnbbr.exe
        
        c:\lnbbr.exe
        13⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1396
        
        \??\c:\tbvtxp.exe
        
        c:\tbvtxp.exe
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1188
        
        \??\c:\prhrt.exe
        
        c:\prhrt.exe
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1916
        
        \??\c:\vtfbrpf.exe
        
        c:\vtfbrpf.exe
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2588
        
        \??\c:\tdjhp.exe
        
        c:\tdjhp.exe
        17⤵
        Executes dropped EXE
        
        PID:2540
        
        \??\c:\bvbfx.exe
        
        c:\bvbfx.exe
        18⤵
        Executes dropped EXE
        
        PID:2040
        
        \??\c:\bbhdf.exe
        
        c:\bbhdf.exe
        19⤵
        Executes dropped EXE
        
        PID:1636
        
        \??\c:\nrdtb.exe
        
        c:\nrdtb.exe
        20⤵
        Executes dropped EXE
        
        PID:1800
        
        \??\c:\lpxprtb.exe
        
        c:\lpxprtb.exe
        21⤵
        Executes dropped EXE
        
        PID:2032
        
        \??\c:\pvxxx.exe
        
        c:\pvxxx.exe
        22⤵
        Executes dropped EXE
        
        PID:1128
        
        \??\c:\bhxhhbd.exe
        
        c:\bhxhhbd.exe
        23⤵
        Executes dropped EXE
        
        PID:2352
        
        \??\c:\trrprdn.exe
        
        c:\trrprdn.exe
        24⤵
        Executes dropped EXE
        
        PID:2908
        
        \??\c:\bvjthdb.exe
        
        c:\bvjthdb.exe
        25⤵
        Executes dropped EXE
        
        PID:800
        
        \??\c:\lfhpxn.exe
        
        c:\lfhpxn.exe
        26⤵
        Executes dropped EXE
        
        PID:324
        
        \??\c:\hjpjxrp.exe
        
        c:\hjpjxrp.exe
        27⤵
        Executes dropped EXE
        
        PID:1708
        
        \??\c:\lrjlt.exe
        
        c:\lrjlt.exe
        28⤵
        Executes dropped EXE
        
        PID:2812
        
        \??\c:\nrphvb.exe
        
        c:\nrphvb.exe
        29⤵
        Executes dropped EXE
        
        PID:2280
        
        \??\c:\pppddp.exe
        
        c:\pppddp.exe
        30⤵
        Executes dropped EXE
        
        PID:2156
        
        \??\c:\pblxfxh.exe
        
        c:\pblxfxh.exe
        31⤵
        Executes dropped EXE
        
        PID:2196
        
        \??\c:\bdhxp.exe
        
        c:\bdhxp.exe
        32⤵
        Executes dropped EXE
        
        PID:632
        
        \??\c:\fhdntp.exe
        
        c:\fhdntp.exe
        33⤵
        Executes dropped EXE
        
        PID:1552
        
        \??\c:\fvnfv.exe
        
        c:\fvnfv.exe
        34⤵
        Executes dropped EXE
        
        PID:1616
        
        \??\c:\xndlhr.exe
        
        c:\xndlhr.exe
        35⤵
        Executes dropped EXE
        
        PID:1544
        
        \??\c:\nlvth.exe
        
        c:\nlvth.exe
        36⤵
        Executes dropped EXE
        
        PID:2284
        
        \??\c:\vrtlrl.exe
        
        c:\vrtlrl.exe
        37⤵
        Executes dropped EXE
        
        PID:1992
        
        \??\c:\hrbbtr.exe
        
        c:\hrbbtr.exe
        38⤵
        Executes dropped EXE
        
        PID:2556
        
        \??\c:\bnblb.exe
        
        c:\bnblb.exe
        39⤵
        Executes dropped EXE
        
        PID:2916
        
        \??\c:\thbnd.exe
        
        c:\thbnd.exe
        40⤵
        Executes dropped EXE
        
        PID:1684
        
        \??\c:\tjlfd.exe
        
        c:\tjlfd.exe
        41⤵
        Executes dropped EXE
        
        PID:1772
        
        \??\c:\tvfnr.exe
        
        c:\tvfnr.exe
        42⤵
        Executes dropped EXE
        
        PID:1728
        
        \??\c:\brxhd.exe
        
        c:\brxhd.exe
        43⤵
        Executes dropped EXE
        
        PID:1704
        
        \??\c:\pfvbt.exe
        
        c:\pfvbt.exe
        44⤵
        Executes dropped EXE
        
        PID:2888
        
        \??\c:\hvvrd.exe
        
        c:\hvvrd.exe
        45⤵
        Executes dropped EXE
        
        PID:2680
        
        \??\c:\rbhnnb.exe
        
        c:\rbhnnb.exe
        46⤵
        Executes dropped EXE
        
        PID:3032
        
        \??\c:\dptnrrn.exe
        
        c:\dptnrrn.exe
        47⤵
        Executes dropped EXE
        
        PID:2492
        
        \??\c:\jdvjxpl.exe
        
        c:\jdvjxpl.exe
        48⤵
        Executes dropped EXE
        
        PID:2668
        
        \??\c:\nltlh.exe
        
        c:\nltlh.exe
        49⤵
        Executes dropped EXE
        
        PID:2524
        
        \??\c:\bblbnr.exe
        
        c:\bblbnr.exe
        50⤵
        Executes dropped EXE
        
        PID:2604
        
        \??\c:\lvrftlt.exe
        
        c:\lvrftlt.exe
        51⤵
        Executes dropped EXE
        
        PID:2592
        
        \??\c:\ddnbdf.exe
        
        c:\ddnbdf.exe
        52⤵
        Executes dropped EXE
        
        PID:2684
        
        \??\c:\hnhlhl.exe
        
        c:\hnhlhl.exe
        53⤵
        Executes dropped EXE
        
        PID:2232
        
        \??\c:\dnjprlp.exe
        
        c:\dnjprlp.exe
        54⤵
        Executes dropped EXE
        
        PID:2368
        
        \??\c:\xbrfjhv.exe
        
        c:\xbrfjhv.exe
        55⤵
        Executes dropped EXE
        
        PID:1964
        
        \??\c:\ddnlj.exe
        
        c:\ddnlj.exe
        56⤵
        Executes dropped EXE
        
        PID:1696
        
        \??\c:\plnvhxh.exe
        
        c:\plnvhxh.exe
        57⤵
        Executes dropped EXE
        
        PID:1592
        
        \??\c:\ptxbphn.exe
        
        c:\ptxbphn.exe
        58⤵
        Executes dropped EXE
        
        PID:548
        
        \??\c:\vpbjd.exe
        
        c:\vpbjd.exe
        59⤵
        Executes dropped EXE
        
        PID:1384
        
        \??\c:\jxrttl.exe
        
        c:\jxrttl.exe
        60⤵
        Executes dropped EXE
        
        PID:884
        
        \??\c:\hnllf.exe
        
        c:\hnllf.exe
        61⤵
        Executes dropped EXE
        
        PID:880
        
        \??\c:\hjfjxrd.exe
        
        c:\hjfjxrd.exe
        62⤵
        Executes dropped EXE
        
        PID:1200
        
        \??\c:\pbdflx.exe
        
        c:\pbdflx.exe
        63⤵
        Executes dropped EXE
        
        PID:2584
        
        \??\c:\frttx.exe
        
        c:\frttx.exe
        64⤵
        Executes dropped EXE
        
        PID:2596
        
        \??\c:\hrhhxhn.exe
        
        c:\hrhhxhn.exe
        65⤵
        Executes dropped EXE
        
        PID:2540
        
        \??\c:\dtpblt.exe
        
        c:\dtpblt.exe
        66⤵
        
        PID:2744
        
        \??\c:\hrrnp.exe
        
        c:\hrrnp.exe
        67⤵
        
        PID:1912
        
        \??\c:\xpfhbpx.exe
        
        c:\xpfhbpx.exe
        68⤵
        
        PID:1436
        
        \??\c:\pvpbfbh.exe
        
        c:\pvpbfbh.exe
        69⤵
        
        PID:1504
        
        \??\c:\jttbnrj.exe
        
        c:\jttbnrj.exe
        70⤵
        
        PID:2164
        
        \??\c:\xxvrf.exe
        
        c:\xxvrf.exe
        71⤵
        
        PID:2432
        
        \??\c:\rvjbdfl.exe
        
        c:\rvjbdfl.exe
        72⤵
        
        PID:1440
        
        \??\c:\xvdtjx.exe
        
        c:\xvdtjx.exe
        73⤵
        
        PID:1784
        
        \??\c:\bffhl.exe
        
        c:\bffhl.exe
        74⤵
        
        PID:2852
        
        \??\c:\rpnvrvn.exe
        
        c:\rpnvrvn.exe
        75⤵
        
        PID:940
        
        \??\c:\jjrxhj.exe
        
        c:\jjrxhj.exe
        76⤵
        
        PID:1532
        
        \??\c:\tvxhvt.exe
        
        c:\tvxhvt.exe
        77⤵
        
        PID:844
        
        \??\c:\lndfhp.exe
        
        c:\lndfhp.exe
        78⤵
        
        PID:2312
        
        \??\c:\tvvxp.exe
        
        c:\tvvxp.exe
        79⤵
        
        PID:2992
        
        \??\c:\pvjllr.exe
        
        c:\pvjllr.exe
        80⤵
        
        PID:2812
        
        \??\c:\vbpjdxp.exe
        
        c:\vbpjdxp.exe
        81⤵
        
        PID:2280
        
        \??\c:\rvfxf.exe
        
        c:\rvfxf.exe
        82⤵
        
        PID:1096
        
        \??\c:\pbftnnp.exe
        
        c:\pbftnnp.exe
        83⤵
        
        PID:1712
        
        \??\c:\vlxfjxb.exe
        
        c:\vlxfjxb.exe
        84⤵
        
        PID:2196
        
        \??\c:\jvnrjj.exe
        
        c:\jvnrjj.exe
        85⤵
        
        PID:1808
        
        \??\c:\hlrvb.exe
        
        c:\hlrvb.exe
        86⤵
        
        PID:1552
        
        \??\c:\nnlxfp.exe
        
        c:\nnlxfp.exe
        87⤵
        
        PID:1480
        
        \??\c:\tjfrhnl.exe
        
        c:\tjfrhnl.exe
        88⤵
        
        PID:1672
        
        \??\c:\rhtvtxb.exe
        
        c:\rhtvtxb.exe
        89⤵
        
        PID:2080
        
        \??\c:\xvntj.exe
        
        c:\xvntj.exe
        90⤵
        
        PID:2932
        
        \??\c:\dfvvrl.exe
        
        c:\dfvvrl.exe
        91⤵
        
        PID:2140
        
        \??\c:\trvxpl.exe
        
        c:\trvxpl.exe
        92⤵
        
        PID:1676
        
        \??\c:\hvbrhx.exe
        
        c:\hvbrhx.exe
        93⤵
        
        PID:1564
        
        \??\c:\bpvhfdx.exe
        
        c:\bpvhfdx.exe
        94⤵
        
        PID:1792
        
        \??\c:\xnntn.exe
        
        c:\xnntn.exe
        95⤵
        
        PID:2176
        
        \??\c:\dpxbx.exe
        
        c:\dpxbx.exe
        96⤵
        
        PID:2892
        
        \??\c:\thbhj.exe
        
        c:\thbhj.exe
        97⤵
        
        PID:1744
        
        \??\c:\fdvjx.exe
        
        c:\fdvjx.exe
        98⤵
        
        PID:3020
        
        \??\c:\bnjbnb.exe
        
        c:\bnjbnb.exe
        99⤵
        
        PID:2508
        
        \??\c:\jndnx.exe
        
        c:\jndnx.exe
        100⤵
        
        PID:2996
        
        \??\c:\njdpppn.exe
        
        c:\njdpppn.exe
        101⤵
        
        PID:2672
        
        \??\c:\dnnvhj.exe
        
        c:\dnnvhj.exe
        102⤵
        
        PID:2632
        
        \??\c:\lxhppx.exe
        
        c:\lxhppx.exe
        103⤵
        
        PID:2648
        
        \??\c:\rvnfj.exe
        
        c:\rvnfj.exe
        104⤵
        
        PID:2416
        
        \??\c:\bpjhr.exe
        
        c:\bpjhr.exe
        105⤵
        
        PID:2740
        
        \??\c:\pfdhrhb.exe
        
        c:\pfdhrhb.exe
        106⤵
        
        PID:2660
        
        \??\c:\xtdhdh.exe
        
        c:\xtdhdh.exe
        107⤵
        
        PID:2440
        
        \??\c:\hfnpxl.exe
        
        c:\hfnpxl.exe
        108⤵
        
        PID:2044
        
        \??\c:\rnprbx.exe
        
        c:\rnprbx.exe
        109⤵
        
        PID:3040
        
        \??\c:\hpbllxt.exe
        
        c:\hpbllxt.exe
        110⤵
        
        PID:240
        
        \??\c:\jftpd.exe
        
        c:\jftpd.exe
        111⤵
        
        PID:2984
        
        \??\c:\trdfr.exe
        
        c:\trdfr.exe
        112⤵
        
        PID:1364
        
        \??\c:\rvfhpj.exe
        
        c:\rvfhpj.exe
        113⤵
        
        PID:1928
        
        \??\c:\xjjtt.exe
        
        c:\xjjtt.exe
        114⤵
        
        PID:1372
        
        \??\c:\pxblhtd.exe
        
        c:\pxblhtd.exe
        115⤵
        
        PID:280
        
        \??\c:\nbbbrr.exe
        
        c:\nbbbrr.exe
        116⤵
        
        PID:2696
        
        \??\c:\pdhtvv.exe
        
        c:\pdhtvv.exe
        117⤵
        
        PID:2752
        
        \??\c:\jhhprb.exe
        
        c:\jhhprb.exe
        118⤵
        
        PID:2332
        
        \??\c:\bxvhp.exe
        
        c:\bxvhp.exe
        119⤵
        
        PID:2040
        
        \??\c:\nhxlxdb.exe
        
        c:\nhxlxdb.exe
        120⤵
        
        PID:1104
        
        \??\c:\lpxtv.exe
        
        c:\lpxtv.exe
        121⤵
        
        PID:1980
        
        \??\c:\xtffj.exe
        
        c:\xtffj.exe
        122⤵
        
        PID:1976
        
        \??\c:\ffdlld.exe
        
        c:\ffdlld.exe
        123⤵
        
        PID:1504
        
        \??\c:\xvhnb.exe
        
        c:\xvhnb.exe
        124⤵
        
        PID:2464
        
        \??\c:\tvjxbll.exe
        
        c:\tvjxbll.exe
        125⤵
        
        PID:1452
        
        \??\c:\rtlfl.exe
        
        c:\rtlfl.exe
        126⤵
        
        PID:2244
        
        \??\c:\rllptvn.exe
        
        c:\rllptvn.exe
        127⤵
        
        PID:2352
        
        \??\c:\hdvvr.exe
        
        c:\hdvvr.exe
        128⤵
        
        PID:1768
        
        \??\c:\bptlhb.exe
        
        c:\bptlhb.exe
        129⤵
        
        PID:2304
        
        \??\c:\nxttjxh.exe
        
        c:\nxttjxh.exe
        130⤵
        
        PID:2136
        
        \??\c:\rpldjld.exe
        
        c:\rpldjld.exe
        131⤵
        
        PID:844
        
        \??\c:\rjbfbv.exe
        
        c:\rjbfbv.exe
        132⤵
        
        PID:3004
        
        \??\c:\brphrh.exe
        
        c:\brphrh.exe
        133⤵
        
        PID:676
        
        \??\c:\vdbxtnp.exe
        
        c:\vdbxtnp.exe
        134⤵
        
        PID:2296
        
        \??\c:\pxnhb.exe
        
        c:\pxnhb.exe
        135⤵
        
        PID:2064
        
        \??\c:\fdnll.exe
        
        c:\fdnll.exe
        136⤵
        
        PID:1724
        
        \??\c:\dnvtjhb.exe
        
        c:\dnvtjhb.exe
        137⤵
        
        PID:2012
        
        \??\c:\ddxnf.exe
        
        c:\ddxnf.exe
        138⤵
        
        PID:1816
        
        \??\c:\dfbdhp.exe
        
        c:\dfbdhp.exe
        139⤵
        
        PID:2000
        
        \??\c:\rxftrj.exe
        
        c:\rxftrj.exe
        140⤵
        
        PID:1552
        
        \??\c:\tvhth.exe
        
        c:\tvhth.exe
        141⤵
        
        PID:1480
        
        \??\c:\vjjvpnr.exe
        
        c:\vjjvpnr.exe
        142⤵
        
        PID:364
        
        \??\c:\rthtjh.exe
        
        c:\rthtjh.exe
        143⤵
        
        PID:3052
        
        \??\c:\fxdrnj.exe
        
        c:\fxdrnj.exe
        144⤵
        
        PID:2932
        
        \??\c:\hpfrl.exe
        
        c:\hpfrl.exe
        145⤵
        
        PID:2916
        
        \??\c:\blrnnvx.exe
        
        c:\blrnnvx.exe
        146⤵
        
        PID:3000
        
        \??\c:\rvtlnf.exe
        
        c:\rvtlnf.exe
        147⤵
        
        PID:1648
        
        \??\c:\fvvvbp.exe
        
        c:\fvvvbp.exe
        148⤵
        
        PID:1792
        
        \??\c:\xvxlhxh.exe
        
        c:\xvxlhxh.exe
        149⤵
        
        PID:2896
        
        \??\c:\fbhlnx.exe
        
        c:\fbhlnx.exe
        150⤵
        
        PID:2944
        
        \??\c:\dbtflf.exe
        
        c:\dbtflf.exe
        151⤵
        
        PID:1744
        
        \??\c:\pjtfrhf.exe
        
        c:\pjtfrhf.exe
        152⤵
        
        PID:2640
        
        \??\c:\hlrxtrb.exe
        
        c:\hlrxtrb.exe
        153⤵
        
        PID:3024
        
        \??\c:\jrndlnl.exe
        
        c:\jrndlnl.exe
        154⤵
        
        PID:2652
        
        \??\c:\rdrbhdx.exe
        
        c:\rdrbhdx.exe
        155⤵
        
        PID:2748
        
        \??\c:\rvftnrh.exe
        
        c:\rvftnrh.exe
        156⤵
        
        PID:2604
        
        \??\c:\vptrrjp.exe
        
        c:\vptrrjp.exe
        157⤵
        
        PID:2528
        
        \??\c:\rvnvhnl.exe
        
        c:\rvnvhnl.exe
        158⤵
        
        PID:2360
        
        \??\c:\brxndxh.exe
        
        c:\brxndxh.exe
        159⤵
        
        PID:2428
        
        \??\c:\fhrdxh.exe
        
        c:\fhrdxh.exe
        160⤵
        
        PID:2368
        
        \??\c:\drhnfx.exe
        
        c:\drhnfx.exe
        161⤵
        
        PID:2408
        
        \??\c:\jfptvn.exe
        
        c:\jfptvn.exe
        162⤵
        
        PID:1696
        
        \??\c:\xxbvhp.exe
        
        c:\xxbvhp.exe
        163⤵
        
        PID:1388
        
        \??\c:\pdvxj.exe
        
        c:\pdvxj.exe
        164⤵
        
        PID:1652
        
        \??\c:\jjxhl.exe
        
        c:\jjxhl.exe
        165⤵
        
        PID:2348
        
        \??\c:\bbbnjf.exe
        
        c:\bbbnjf.exe
        166⤵
        
        PID:884
        
        \??\c:\vtrjn.exe
        
        c:\vtrjn.exe
        167⤵
        
        PID:880
        
        \??\c:\rxtrrbn.exe
        
        c:\rxtrrbn.exe
        168⤵
        
        PID:2560
        
        \??\c:\fnhxn.exe
        
        c:\fnhxn.exe
        169⤵
        
        PID:2760
        
        \??\c:\xftxjn.exe
        
        c:\xftxjn.exe
        170⤵
        
        PID:2588
        
        \??\c:\fxfnlt.exe
        
        c:\fxfnlt.exe
        171⤵
        
        PID:2764
        
        \??\c:\fltdfbt.exe
        
        c:\fltdfbt.exe
        172⤵
        
        PID:1840
        
        \??\c:\vfjfn.exe
        
        c:\vfjfn.exe
        173⤵
        
        PID:1912
        
        \??\c:\jfbdv.exe
        
        c:\jfbdv.exe
        174⤵
        
        PID:1904
        
        \??\c:\nhnpph.exe
        
        c:\nhnpph.exe
        175⤵
        
        PID:2320
        
        \??\c:\jbrrx.exe
        
        c:\jbrrx.exe
        176⤵
        
        PID:1100
        
        \??\c:\drntndr.exe
        
        c:\drntndr.exe
        177⤵
        
        PID:1128
        
        \??\c:\jtprl.exe
        
        c:\jtprl.exe
        178⤵
        
        PID:2576
        
        \??\c:\jvdtl.exe
        
        c:\jvdtl.exe
        179⤵
        
        PID:764
        
        \??\c:\xjdjdl.exe
        
        c:\xjdjdl.exe
        180⤵
        
        PID:868
        
        \??\c:\bvfhb.exe
        
        c:\bvfhb.exe
        181⤵
        
        PID:2848
        
        \??\c:\hdphfbv.exe
        
        c:\hdphfbv.exe
        182⤵
        
        PID:2276
        
        \??\c:\rnltbj.exe
        
        c:\rnltbj.exe
        183⤵
        
        PID:3008
        
        \??\c:\fxtvr.exe
        
        c:\fxtvr.exe
        184⤵
        
        PID:540
        
        \??\c:\bjtpn.exe
        
        c:\bjtpn.exe
        185⤵
        
        PID:584
        
        \??\c:\xltjnj.exe
        
        c:\xltjnj.exe
        186⤵
        
        PID:2172
        
        \??\c:\ffnvr.exe
        
        c:\ffnvr.exe
        187⤵
        
        PID:2316
        
        \??\c:\lfjxnd.exe
        
        c:\lfjxnd.exe
        188⤵
        
        PID:964
        
        \??\c:\hrjtlt.exe
        
        c:\hrjtlt.exe
        189⤵
        
        PID:1112
        
        \??\c:\nhrrfv.exe
        
        c:\nhrrfv.exe
        190⤵
        
        PID:708
        
        \??\c:\brbpl.exe
        
        c:\brbpl.exe
        191⤵
        
        PID:632
        
        \??\c:\xlntjfl.exe
        
        c:\xlntjfl.exe
        192⤵
        
        PID:2016
        
        \??\c:\xbtvrj.exe
        
        c:\xbtvrj.exe
        193⤵
        
        PID:1624
        
        \??\c:\dppllf.exe
        
        c:\dppllf.exe
        194⤵
        
        PID:2804
        
        \??\c:\lhflx.exe
        
        c:\lhflx.exe
        195⤵
        
        PID:1544
        
        \??\c:\hprhv.exe
        
        c:\hprhv.exe
        196⤵
        
        PID:1736
        
        \??\c:\jhvpllx.exe
        
        c:\jhvpllx.exe
        197⤵
        
        PID:2932
        
        \??\c:\drjbr.exe
        
        c:\drjbr.exe
        198⤵
        
        PID:1432
        
        \??\c:\dlrxr.exe
        
        c:\dlrxr.exe
        199⤵
        
        PID:1688
        
        \??\c:\lvlvhth.exe
        
        c:\lvlvhth.exe
        200⤵
        
        PID:2772
        
        \??\c:\ttjlpb.exe
        
        c:\ttjlpb.exe
        201⤵
        
        PID:2100
        
        \??\c:\jbflx.exe
        
        c:\jbflx.exe
        202⤵
        
        PID:2552
        
        \??\c:\fbxxhd.exe
        
        c:\fbxxhd.exe
        203⤵
        
        PID:2784
        
        \??\c:\fxxfn.exe
        
        c:\fxxfn.exe
        204⤵
        
        PID:2096
        
        \??\c:\jpldh.exe
        
        c:\jpldh.exe
        205⤵
        
        PID:1744
        
        \??\c:\tnrtn.exe
        
        c:\tnrtn.exe
        206⤵
        
        PID:2148
        
        \??\c:\txlrtfr.exe
        
        c:\txlrtfr.exe
        207⤵
        
        PID:3024
        
        \??\c:\nfrdlh.exe
        
        c:\nfrdlh.exe
        208⤵
        
        PID:2808
        
        \??\c:\bpbnjvl.exe
        
        c:\bpbnjvl.exe
        209⤵
        
        PID:2964
        
        \??\c:\njttlt.exe
        
        c:\njttlt.exe
        210⤵
        
        PID:2500
        
        \??\c:\drfdnht.exe
        
        c:\drfdnht.exe
        211⤵
        
        PID:2536
        
        \??\c:\bvnjfrb.exe
        
        c:\bvnjfrb.exe
        212⤵
        
        PID:2716
        
        \??\c:\fdjbvv.exe
        
        c:\fdjbvv.exe
        213⤵
        
        PID:2232
        
        \??\c:\pljbtxn.exe
        
        c:\pljbtxn.exe
        214⤵
        
        PID:1824
        
        \??\c:\bjtrhvl.exe
        
        c:\bjtrhvl.exe
        215⤵
        
        PID:2412
        
        \??\c:\txtxbv.exe
        
        c:\txtxbv.exe
        216⤵
        
        PID:2872
        
        \??\c:\xvlptdp.exe
        
        c:\xvlptdp.exe
        217⤵
        
        PID:644
        
        \??\c:\brvnj.exe
        
        c:\brvnj.exe
        218⤵
        
        PID:1384
        
        \??\c:\rldtdr.exe
        
        c:\rldtdr.exe
        219⤵
        
        PID:2884
        
        \??\c:\fxntln.exe
        
        c:\fxntln.exe
        220⤵
        
        PID:968
        
        \??\c:\vhrlj.exe
        
        c:\vhrlj.exe
        221⤵
        
        PID:2700
        
        \??\c:\xdfrp.exe
        
        c:\xdfrp.exe
        222⤵
        
        PID:280
        
        \??\c:\ljddj.exe
        
        c:\ljddj.exe
        223⤵
        
        PID:2704
        
        \??\c:\pfrlxtr.exe
        
        c:\pfrlxtr.exe
        224⤵
        
        PID:2752
        
        \??\c:\xnbhlb.exe
        
        c:\xnbhlb.exe
        225⤵
        
        PID:1656
        
        \??\c:\nnnrx.exe
        
        c:\nnnrx.exe
        226⤵
        
        PID:2168
        
        \??\c:\hjjlj.exe
        
        c:\hjjlj.exe
        227⤵
        
        PID:1104
        
        \??\c:\vfxfv.exe
        
        c:\vfxfv.exe
        228⤵
        
        PID:1980
        
        \??\c:\tlnrb.exe
        
        c:\tlnrb.exe
        229⤵
        
        PID:1436
        
        \??\c:\tjhjvh.exe
        
        c:\tjhjvh.exe
        230⤵
        
        PID:1504
        
        \??\c:\jbdtxvj.exe
        
        c:\jbdtxvj.exe
        231⤵
        
        PID:1100
        
        \??\c:\drfdj.exe
        
        c:\drfdj.exe
        232⤵
        
        PID:2432
        
        \??\c:\frjtjd.exe
        
        c:\frjtjd.exe
        233⤵
        
        PID:2244
        
        \??\c:\pntrh.exe
        
        c:\pntrh.exe
        234⤵
        
        PID:800
        
        \??\c:\hllfnvd.exe
        
        c:\hllfnvd.exe
        235⤵
        
        PID:940
        
        \??\c:\xjrbh.exe
        
        c:\xjrbh.exe
        236⤵
        
        PID:3048
        
        \??\c:\nvvrr.exe
        
        c:\nvvrr.exe
        237⤵
        
        PID:2276
        
        \??\c:\pvdjd.exe
        
        c:\pvdjd.exe
        238⤵
        
        PID:1708
        
        \??\c:\jhvxrn.exe
        
        c:\jhvxrn.exe
        239⤵
        
        PID:2300
        
        \??\c:\vbhxjxv.exe
        
        c:\vbhxjxv.exe
        240⤵
        
        PID:436
        
        \??\c:\jljtv.exe
        
        c:\jljtv.exe
        241⤵
        
        PID:2296
        
        \??\c:\xjbbdp.exe
        
        c:\xjbbdp.exe
        242⤵
        
        PID:2064
        
        \??\c:\tvphf.exe
        
        c:\tvphf.exe
        243⤵
        
        PID:692
        
        \??\c:\bvjxnj.exe
        
        c:\bvjxnj.exe
        244⤵
        
        PID:2012
        
        \??\c:\vftnbl.exe
        
        c:\vftnbl.exe
        245⤵
        
        PID:708
        
        \??\c:\rvxlpv.exe
        
        c:\rvxlpv.exe
        246⤵
        
        PID:936
        
        \??\c:\vvxlnvr.exe
        
        c:\vvxlnvr.exe
        247⤵
        
        PID:632
        
        \??\c:\prjbnnv.exe
        
        c:\prjbnnv.exe
        248⤵
        
        PID:2016
        
        \??\c:\nrjrrbr.exe
        
        c:\nrjrrbr.exe
        249⤵
        
        PID:1624
        
        \??\c:\tlprfjh.exe
        
        c:\tlprfjh.exe
        250⤵
        
        PID:1996
        
        \??\c:\fbhxrb.exe
        
        c:\fbhxrb.exe
        251⤵
        
        PID:2556
        
        \??\c:\fxnrlp.exe
        
        c:\fxnrlp.exe
        252⤵
        
        PID:3012
        
        \??\c:\fxnljdl.exe
        
        c:\fxnljdl.exe
        253⤵
        
        PID:2932
        
        \??\c:\ptvrflp.exe
        
        c:\ptvrflp.exe
        254⤵
        
        PID:832
        
        \??\c:\xjpff.exe
        
        c:\xjpff.exe
        255⤵
        
        PID:1688
        
        \??\c:\bbxjvp.exe
        
        c:\bbxjvp.exe
        256⤵
        
        PID:2324
        
        \??\c:\xdxnr.exe
        
        c:\xdxnr.exe
        257⤵
        
        PID:2264
        
        \??\c:\ntrvr.exe
        
        c:\ntrvr.exe
        258⤵
        
        PID:2888
        
        \??\c:\tvrhx.exe
        
        c:\tvrhx.exe
        259⤵
        
        PID:2504
        
        \??\c:\phbvnv.exe
        
        c:\phbvnv.exe
        260⤵
        
        PID:2944
        
        \??\c:\hjhhbf.exe
        
        c:\hjhhbf.exe
        261⤵
        
        PID:2668
        
        \??\c:\pjbdh.exe
        
        c:\pjbdh.exe
        262⤵
        
        PID:2480
        
        \??\c:\rjtdr.exe
        
        c:\rjtdr.exe
        263⤵
        
        PID:2524
        
        \??\c:\ljhxtpj.exe
        
        c:\ljhxtpj.exe
        264⤵
        
        PID:2656
        
        \??\c:\jxlnxbh.exe
        
        c:\jxlnxbh.exe
        265⤵
        
        PID:2616
        
        \??\c:\vbvrnld.exe
        
        c:\vbvrnld.exe
        266⤵
        
        PID:2684
        
        \??\c:\jvdbd.exe
        
        c:\jvdbd.exe
        267⤵
        
        PID:2476
        
        \??\c:\tfbhtv.exe
        
        c:\tfbhtv.exe
        268⤵
        
        PID:2740
        
        \??\c:\bdrtxjb.exe
        
        c:\bdrtxjb.exe
        269⤵
        
        PID:2440
        
        \??\c:\pldxrn.exe
        
        c:\pldxrn.exe
        270⤵
        
        PID:2184
        
        \??\c:\fdbrjbp.exe
        
        c:\fdbrjbp.exe
        271⤵
        
        PID:2876
        
        \??\c:\rfjpj.exe
        
        c:\rfjpj.exe
        272⤵
        
        PID:240
        
        \??\c:\dpjxdrb.exe
        
        c:\dpjxdrb.exe
        273⤵
        
        PID:520
        
        \??\c:\btnxh.exe
        
        c:\btnxh.exe
        274⤵
        
        PID:1348
        
        \??\c:\rhtpbj.exe
        
        c:\rhtpbj.exe
        275⤵
        
        PID:2884
        
        \??\c:\ftvbh.exe
        
        c:\ftvbh.exe
        276⤵
        
        PID:568
        
        \??\c:\rhjnhlf.exe
        
        c:\rhjnhlf.exe
        277⤵
        
        PID:2572
        
        \??\c:\xhvnf.exe
        
        c:\xhvnf.exe
        278⤵
        
        PID:2600
        
        \??\c:\jjrtlxl.exe
        
        c:\jjrtlxl.exe
        279⤵
        
        PID:2732
        
        \??\c:\tldjhdl.exe
        
        c:\tldjhdl.exe
        280⤵
        
        PID:2340
        
        \??\c:\xllxjpf.exe
        
        c:\xllxjpf.exe
        281⤵
        
        PID:2332
        
        \??\c:\txjdvj.exe
        
        c:\txjdvj.exe
        282⤵
        
        PID:2328
        
        \??\c:\rfnjbjl.exe
        
        c:\rfnjbjl.exe
        283⤵
        
        PID:1104
        
        \??\c:\bdhbrn.exe
        
        c:\bdhbrn.exe
        284⤵
        
        PID:1800
        
        \??\c:\fpnbhv.exe
        
        c:\fpnbhv.exe
        285⤵
        
        PID:1536
        
        \??\c:\vnfpb.exe
        
        c:\vnfpb.exe
        286⤵
        
        PID:1504
        
        \??\c:\fnflx.exe
        
        c:\fnflx.exe
        287⤵
        
        PID:2544
        
        \??\c:\rvpvjxx.exe
        
        c:\rvpvjxx.exe
        288⤵
        
        PID:1116
        
        \??\c:\xjrjf.exe
        
        c:\xjrjf.exe
        289⤵
        
        PID:768
        
        \??\c:\lfdxfdv.exe
        
        c:\lfdxfdv.exe
        290⤵
        
        PID:2852
        
        \??\c:\flrvxjn.exe
        
        c:\flrvxjn.exe
        291⤵
        
        PID:1768
        
        \??\c:\dhhnpn.exe
        
        c:\dhhnpn.exe
        292⤵
        
        PID:2816
        
        \??\c:\rbbhvb.exe
        
        c:\rbbhvb.exe
        293⤵
        
        PID:3008
        
        \??\c:\fjrnnbj.exe
        
        c:\fjrnnbj.exe
        294⤵
        
        PID:1708
        
        \??\c:\fdlhft.exe
        
        c:\fdlhft.exe
        295⤵
        
        PID:676
        
        \??\c:\xrhfft.exe
        
        c:\xrhfft.exe
        296⤵
        
        PID:2920
        
        \??\c:\vhftxhp.exe
        
        c:\vhftxhp.exe
        297⤵
        
        PID:1064
        
        \??\c:\bbvdtn.exe
        
        c:\bbvdtn.exe
        298⤵
        
        PID:2272
        
        \??\c:\tbtrp.exe
        
        c:\tbtrp.exe
        299⤵
        
        PID:1724
        
        \??\c:\lhrjn.exe
        
        c:\lhrjn.exe
        300⤵
        
        PID:984
        
        \??\c:\blvntbn.exe
        
        c:\blvntbn.exe
        301⤵
        
        PID:1816
        
        \??\c:\dhpxl.exe
        
        c:\dhpxl.exe
        302⤵
        
        PID:932
        
        \??\c:\fvdpjfx.exe
        
        c:\fvdpjfx.exe
        303⤵
        
        PID:1480
        
        \??\c:\hbxjlbp.exe
        
        c:\hbxjlbp.exe
        304⤵
        
        PID:564
        
        \??\c:\rbprbb.exe
        
        c:\rbprbb.exe
        305⤵
        
        PID:2080
        
        \??\c:\xhvxxhj.exe
        
        c:\xhvxxhj.exe
        306⤵
        
        PID:2140
        
        \??\c:\xvldvjj.exe
        
        c:\xvldvjj.exe
        307⤵
        
        PID:1556
        
        \??\c:\vvrhr.exe
        
        c:\vvrhr.exe
        308⤵
        
        PID:1684
        
        \??\c:\jpdjnb.exe
        
        c:\jpdjnb.exe
        309⤵
        
        PID:1564
        
        \??\c:\bljhx.exe
        
        c:\bljhx.exe
        310⤵
        
        PID:1144
        
        \??\c:\nrlph.exe
        
        c:\nrlph.exe
        311⤵
        
        PID:2180
        
        \??\c:\ddhllb.exe
        
        c:\ddhllb.exe
        312⤵
        
        PID:2324
        
        \??\c:\jflrh.exe
        
        c:\jflrh.exe
        313⤵
        
        PID:1604
        
        \??\c:\vpjvjph.exe
        
        c:\vpjvjph.exe
        314⤵
        
        PID:2784
        
        \??\c:\hpxjlph.exe
        
        c:\hpxjlph.exe
        315⤵
        
        PID:2864
        
        \??\c:\jxdbpl.exe
        
        c:\jxdbpl.exe
        316⤵
        
        PID:2664
        
        \??\c:\trpdhjh.exe
        
        c:\trpdhjh.exe
        317⤵
        
        PID:1960
        
        \??\c:\vjlljdj.exe
        
        c:\vjlljdj.exe
        318⤵
        
        PID:2644
        
        \??\c:\fdxddhr.exe
        
        c:\fdxddhr.exe
        319⤵
        
        PID:3024
        
        \??\c:\vvhnbnb.exe
        
        c:\vvhnbnb.exe
        320⤵
        
        PID:2388
        
        \??\c:\hljtn.exe
        
        c:\hljtn.exe
        321⤵
        
        PID:2500
        
        \??\c:\xphfhb.exe
        
        c:\xphfhb.exe
        322⤵
        
        PID:2536
        
        \??\c:\vfrbrrj.exe
        
        c:\vfrbrrj.exe
        323⤵
        
        PID:2396
        
        \??\c:\dlpptt.exe
        
        c:\dlpptt.exe
        324⤵
        
        PID:2124
        
        \??\c:\fhlbdh.exe
        
        c:\fhlbdh.exe
        325⤵
        
        PID:2044
        
        \??\c:\bjbpr.exe
        
        c:\bjbpr.exe
        326⤵
        
        PID:2412
        
        \??\c:\jlpbjd.exe
        
        c:\jlpbjd.exe
        327⤵
        
        PID:2872
        
        \??\c:\pdndpt.exe
        
        c:\pdndpt.exe
        328⤵
        
        PID:2984
        
        \??\c:\ddfbd.exe
        
        c:\ddfbd.exe
        329⤵
        
        PID:1072

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\bbhdf.exe

Filesize
39KB

MD5
2ea0ffcb5b251e9a37ae17c289cb5f14

SHA1
d9cfa82c21b7bfce5c7604e4f1dd767b77e17029

SHA256
e0bfd9e9e6108b23722c54743eded50bb12485aa954f761079bdf5e4c2f814dd

SHA512
c81168174c1bd61e804d6021e331f5f1d6565c562dbf8ddaf76111a9abd78663814825571a29ff26bbd6f5146a3cbfd62835884b45120e7dea79e4735bbc2f1f

Download Submit
C:\bdhxp.exe

Filesize
40KB

MD5
22e9663bc5ba2e11a5941e1dcfe092f3

SHA1
37760bf7180d32e335d13b9833b61bf91c18a28a

SHA256
e532d6833475578d8536eae655aab9d6b663e00738bf8fb48b14340ad3229a7b

SHA512
89e14fd8e1437086a0b6504043605d21731968f4fa8b12f907dc6ade5cdb7c89946a3a86692d237a97c4e58fe3e458ff0e8c15b797aec043abfb1c8f054b9461

Download Submit
C:\bhxhhbd.exe

Filesize
39KB

MD5
a42b0a7be91051b0dd36ca9bba6566bd

SHA1
e0d4e23a11c5bc65f821eaa35161d433f4d64d30

SHA256
3c04fc0af53991d246af8fa3d48223c034426d8f1c8c70e63ed3325872685061

SHA512
2fdd686b20112e7c279d65ec8c7f495de56f2798bb88f09d50be923883a13980c41ea993453011e3ba78ea79c43a841f5caf5c0cd7af2f998e953bcb5aeee514

Download Submit
C:\bvbfx.exe

Filesize
39KB

MD5
6b3efd4ff7e9950dc586cbe649ef02b4

SHA1
9d5a566f4a8926f4840676173085524eb2423f99

SHA256
a82ecbc9dc2859494ec41c2dc7312823e5c2e6cafc9789e830027f9aa8d9a9ef

SHA512
d3441dc96d4e0ac4df4cd1f95b08e9ce79a8fef50c57455a16e348646aa554bb9bf7df9bedbbc853b2954462e5c8ffac6ccbc17b3b8fcf988cf4d5caaafeb605

Download Submit
C:\bvjthdb.exe

Filesize
39KB

MD5
87f3bd4097fa68571ae7b3b8631a34f2

SHA1
da54019a0c34a2bd1df4b80365238862e38a40fe

SHA256
41a9fc2c085f8e4b6d50e1612742498e9decf097aedc1d403a41b891e88359dc

SHA512
9497233a0ba773206a7d433679a040283eaade585955d9d59256a9a4e786a89ad63f4f46748a9947cdf5e4d083ddaead7f6c28572326897d8aa09b073094e6b5

Download Submit
C:\fhdntp.exe

Filesize
40KB

MD5
945fc7654694779622e4f27a3ed59fa8

SHA1
4231c2851158d1684dfa8087836157d8682fb436

SHA256
f0febab723d57a1c2dd342cacdf804c10e93f538410e54807e3d9c3d73216ae0

SHA512
d0baf7341a510ac365dcedf26097308eb5d3b2ca51f807b5a249b857e005d5db35b6d27a92a00084ee6d6752a3dae5bd3c042a4a99be0a3c4ee2a617cc4d81e4

Download Submit
C:\fjddrxr.exe

Filesize
39KB

MD5
3659688ab53e5f93ee12202f9ade86db

SHA1
215e757856678629d243f5c00ba35a17a18ccd12

SHA256
98e1895dba2e9ea38a2a1207856e1164fb05fafb581a840f41d3288d7344e649

SHA512
2a7f1427f6c1c9f615f597c498157232b841672b7728200841090b36e3385b99417807486e3600f30466147293b5488e1f4f88fd28dc5fc64d2cb07ad0ec2e9f

Download Submit
C:\fxfxhn.exe

Filesize
39KB

MD5
93ee5557485826207446959ab3df81f3

SHA1
96542db6ad2cf5ae16039d687638b85bd539a808

SHA256
e52535a731bcef41db095bf29de4d8a55ab417db0d4edb2c05f9461ba89091bb

SHA512
4b95e08f4330dd96c5ddbe829238f62f8dd556736c7ba169805b4d8eee37a26766285170bb9a5ee966521be8e152d6fa709ea83ac0ba513f1876a5206af67bf8

Download Submit
C:\hjpjxrp.exe

Filesize
39KB

MD5
caa76f2e41d3ea2916fe8c129e269454

SHA1
f0e560efa1a80d88383bf89e7aca719742624343

SHA256
9e915352180df1539d9b60c96a6e87be69c52e889d3b06863fd8ebe48b04446b

SHA512
db2c74332cab21e5b216dd5b741ef8e94238cb46cc90efff8a5ffe773818fae0e221af0ddeca93de882a2d61b0b22064ba1100c2cd08498d798b5dcc49a83bfb

Download Submit
C:\hvlbb.exe

Filesize
39KB

MD5
1d1ae842a8b3b400d5f725c6f5c7b782

SHA1
40ceddbfa86fc0847d6e7d9f567774f6707e0e14

SHA256
c0cb0d935246da28b27de1645c71313719634da84fc416191c328f1d275f15c9

SHA512
6d2685eebc6ace4c6e6f5a57a8c1cacdc99fa9d6409d3b09845f3acff1cbf75faf7d79d4f678234c37301e2f25ae85610b1dded90b7f592e02d5795b2ef3c31d

Download Submit
C:\jdvdl.exe

Filesize
39KB

MD5
345a4effa069d1050d16a2c19bfb5aee

SHA1
23b036c9b983410b421344f25f289d9cfaf70b3e

SHA256
16cd9cdc783a259da8a794b85c0d46fb73b669758aa5f162052e9a29baca876e

SHA512
a26ff8636b382f4bc4a1da3464d348ac3b6aeba9960d4f6907662caf1b7236ec128bc79d8ef93248b3ed1dddee50d63eefd91383c135151a73c89b6a27c6617c

Download Submit
C:\lfhpxn.exe

Filesize
39KB

MD5
3d34af2945e68dfba892b2b2c3135783

SHA1
612a56abce0f8c1d77ec5c27c0792cc02ac0072d

SHA256
0ca5c1d0b9e320c6cfc3bfef87f5b4a4b4456fd69863bec3307d8abd09b94bf7

SHA512
e57629eb06afabe777d79db41319cd7d23239e2a4925f9621dbc49e6a88e37162c5cd76ca7bdc8bf8fb7c6d63735ab9ca918d7dc032962e7ee1c9d1ca13744d5

Download Submit
C:\lnbbr.exe

Filesize
39KB

MD5
6d852ac71a3040761e08944255339a44

SHA1
d3ec7920e21b4bc1d39146d265980b26a496a178

SHA256
ca8ec1a22af63de6179d0d3f47853cf60b9f8161087bd93841471c49d91eb8a8

SHA512
58fb94c19d9b9b816b2084783f393c2d0c4daaf09cd30a8d73c8deb356dae2dfe2f67b8c6df272cc3a4dee849345178eb29dbf0da0f40da4eaaa9d4447d9e319

Download Submit
C:\lpxprtb.exe

Filesize
39KB

MD5
d53b0339234a55c9fa0176b4abf26f78

SHA1
55eb6d2e2e49aa0ad68153f108fecb96e29a36cb

SHA256
b656af5e6143fa04692cfc1519aea6433e82710096aab4124d5ba94bf18582fb

SHA512
b0795a5c3da44b95cf1adeb889e3a899794a1e8273cd73a092804382246688dd39a2dff6505377d6bd7226f43df2a06b16547a0e57d5d7c40212ded1c502276f

Download Submit
C:\lrjlt.exe

Filesize
39KB

MD5
dd983bf8e0e9c9962edf5b82523eb0e4

SHA1
ac2d441708d583abb7665b67ee4524f5ae5b45a0

SHA256
fe91d9a924266837152a84b70e123214fcfd1c6e3b26fc8975832f53d2ef149f

SHA512
dfff6d92e8d2e5257c86994c8a9e628e08c1f4580d31f4396a1e866ef8a28a79c6ade703f8c9efe5fb7b753c4a09ffc169e6c58b898393e9b016541ba1e25a45

Download Submit
C:\nbjxfpb.exe

Filesize
39KB

MD5
44d4ca65bab1bc4001218da4e3d9cc07

SHA1
18ebb8ded2e8a41db79d1058168d105fb23955bd

SHA256
b5628bbcf652bb1bbe6c0cbf0f897ab573d25444950a7fccb954a20d62c50907

SHA512
c8896e5e3dad89e758d369d2c8cbf4125b387dcbed739e70693c8ddc77b5bb0e3fc88ef7c514ab1ac22960621aea657ca407b1142d32a10d8f12f4ad972bafdf

Download Submit
C:\nrdtb.exe

Filesize
39KB

MD5
6fb01f35d39c0c81eacc6a0407c3b178

SHA1
7349ad252a45caa874faddf266eac3b22445d12e

SHA256
14f1c5e77af04fb096a03b6164c61f3b5603738149538d338f64877cd7727cbf

SHA512
00818d04e50ff80e4bd1caa64238ee9d2bd0ca6b7befa6224e0eb101c8c17dfeafc323de509b6f2bb48ace39dc1aa09bfce03c56b213095d2bde9717889d45ca

Download Submit
C:\nrphvb.exe

Filesize
39KB

MD5
dbda8f6582b6077945bdd52cc6d776f8

SHA1
57935c66e5695440146e0029b71f49105c0b46bb

SHA256
4e945d3d348d85eea06ab967b6781d0d41e3e4efaf8436757798b00f8df84cf1

SHA512
efbc20b3aa222f7ecf5e942536f4471d4897f92ca829095e1aea48fd001c5865ae243520a8f78b617a3d79c80e4a8d66923e11de94d2c779cc63f7ef0871a335

Download Submit
C:\nthjlr.exe

Filesize
39KB

MD5
4eea289c1448c3c13d93900f883b593f

SHA1
e892e39a8ef26d4c06bb3f6e1a28bdd6500136cd

SHA256
b29284733980d5194cbf3a9c78ae14fbc6e53549aed871e8bdf69a3a46e1087d

SHA512
8755521e1677954d213eacf70d02d976b8ecd331bf66665ccd4efdad74ca106b584b88159a0194daf56a8661452e6ed89a1ced74b6561158ece07097769d9f63

Download Submit
C:\pblxfxh.exe

Filesize
40KB

MD5
0bc2dd35593e6087c779239efd613cbd

SHA1
0181e8036e42d50700d8f648f30d4fdc20ec5bee

SHA256
4d659ee960ef560db7df317b902f62afa6a47c61a5934b40fb11b3a78502c603

SHA512
63d730f48a8062e2043aa667472fa0ef83e5cb542513cf6218979f6543222e4e153e92c1af155115da066b11ffa55452c89911d49dd7d238d0f9313e37dbb788

Download Submit
C:\pppddp.exe

Filesize
40KB

MD5
ab35fc27aaef5b0ac8689020ed57e675

SHA1
25c26f50cfa043781c683b4c85d98a55dd1fc2c4

SHA256
95359fa4c0edc4f2538920a3cfa8782e50d754c633189891c9965a61db44011a

SHA512
822d232d60b148c39e7d77e5abe66020ab2c82ad01031c49fe1553e91856614f669c6fa89da0da93ee89891e6bda05be02eff269b74a3ba1cc75c9bb0bb9abc3

Download Submit
C:\prhrt.exe

Filesize
39KB

MD5
9b34c4bf99ecc2c2a0f6e76bb7d83e56

SHA1
b0a3fcb1033d299b6754b3e0688a562e76c3138f

SHA256
d15bba90cc14cd576f5a2bad6a54efb62234db1978c0a668fa381fac76e6f656

SHA512
f733796463d96390dd6d6f0969318f7eca6ad1d0f396dbac0406a6b270f5fe1beff2a66d743aaa9779aeb95e9d5b82cc6c3ebfcdd30fff1dce6467f77abe29ec

Download Submit
C:\pvxxx.exe

Filesize
39KB

MD5
e959ab36edd8d45c13439732c792e2ba

SHA1
981bdf944ace5ef5afa3217a049843c643965b76

SHA256
0261695f89524ba7fa0a7df08f68710bc01da1d5dd78cdd2ca5487dee53d9330

SHA512
4cf59ba060caa21f95f5aa3c048687a4500f1df9b5e1a7ceb27d805a3af6f52b9c82749378bc8f540c80179cc079e8205f088b314ed80254e9616d26f3533447

Download Submit
C:\pxhrvt.exe

Filesize
39KB

MD5
c090060eef513d2483cb867ea5b6f342

SHA1
fdb6f19bd088791c59a7eaa93aa229ac6d2ec84a

SHA256
07d7c91a0d5124e78649bcec41dd7dd331b1826e03aa7d6be27519a81ee1f870

SHA512
3b04ef9c04a3201bcd18ec08cd7fa78d592865dff90405d5d50cdd00bb33f7802b307b25620e6964012f61c8406524eae1715a1383503e1bc89db50d835ea089

Download Submit
C:\rhhdjd.exe

Filesize
39KB

MD5
0844a68daf9f87af1004071f55ebe65a

SHA1
d5dbb33db0d1d4dfba66aea805b03e30f9911387

SHA256
f9016063d2152e7970a85cbbfc2fedb6e08bd92ba4af853fe3ed7fedff41096f

SHA512
3461b0eceb429f7f6905e05e4da80930740d0983490cffd2be6fa27932ed341c01aa70c404c55c67bbef12c2a7457de82846ef36c66b1a925bda0a25bd381e50

Download Submit
C:\rhjprb.exe

Filesize
39KB

MD5
abf18ac6300c57b8c38a49009eb54479

SHA1
6ff7d0bfe07a51f74c86297a03e03198ad6f79b3

SHA256
8324e9a81bc0b38da3da928f412097721b480e987024cedbe10223fcb536b45c

SHA512
617839dc9c106ba01d1fc975f19fc20bfb510d52549d6201a2540662c8023d0ab825b5d2c7ebb1fbc544f0d8fea341400fe838a4806bf4006971d3b2129b3d2d

Download Submit
C:\tbvtxp.exe

Filesize
39KB

MD5
5afa7b7116824b87a5946f431d37b342

SHA1
750d901062c09ae482d16aefb981a236f1365791

SHA256
16e21472d8d335e47a61bc31e127af13d26caedffe22f71f5df0b723312d09c6

SHA512
2e89ee4c970c78c6e875fdbaf5840cf9f83ac169a1c0b712883128711cb12306d612009a9ba20016c8e99b7c6c930d21fb0ad568e8bdf9c9ff54c1d46659801e

Download Submit
C:\tdjhp.exe

Filesize
39KB

MD5
640dcd76f1169dc2531bc493afa26afb

SHA1
382ffbb8cf1423913d7c8b0e6482cd2bf5175708

SHA256
64974bceb478522728f9ebeb6357340bb0dd4438af0c810631268edf7708ac4a

SHA512
641cc8734a66735d91dccbc8847c3ef79063913f6fc8472d2acfb012f2d2ade32559c153acba4fa362c59414da80e79003b787b799c5fc7c401054ae85b221f2

Download Submit
C:\trrprdn.exe

Filesize
39KB

MD5
5d3f3d66f7f828b0b1c9cbf02bbd096e

SHA1
b7fe0fc1946b6033b77392a08c83d11426150f47

SHA256
b5ca2ccaee219b3c569d9dd79635015cb3cc4efafa89df40ce924a307b5e0c0e

SHA512
f22ed7dda856df3992c72c93030cb66199b366b3260f22b6b8ffe0b345994c38deb5c50b8a3d7ef950f4cb6107c742b95ac579c7b4af426d5087367490513bb7

Download Submit
C:\vdjnpb.exe

Filesize
39KB

MD5
6b3e32d4ce3b5d8544ae80f1b2f090a7

SHA1
5d171b9bd4c26c9aed12dc215cf8b1eb9a10db97

SHA256
d37942db47fc7f5afcaf540571c17efa2bd8527d60200ad08be9820b61052e74

SHA512
b8bfb758d758fb6f3bc29d7cd3e771d815c464d47272a68fe3c1a0c02db202a0a5050fc89820a07634840746640cf3f271094a915b6eec70d5906e7dca99ed18

Download Submit
C:\vtfbrpf.exe

Filesize
39KB

MD5
ac188337475753003c34d9e09b862fd4

SHA1
c9850ad6d488b0cc12cdf55238d964ec3e814af1

SHA256
07ce50cc06eaf1082e4aba9b138e624dbe0363830b3bf25504454246a9623add

SHA512
ce2dafac3fdc4df49e6114c5916c8bea642401697e97624db0b46556c38cb56b87ccff7817d6392c7e44fbb030d828e8da2348959fe5c53c7204cb5f26804b24

Download Submit
C:\xrtxp.exe

Filesize
39KB

MD5
462c290a9b61416d5b40d28effc9b9d7

SHA1
e74eb1bedb091f9b2eeda31cd709c269ecd2d42e

SHA256
9a77263988aa46d4f755d626b88eefcff0a516fc91f04f6b1639f276a337b0e4

SHA512
69f377fa8b21e69e5c69f00b6c87e9996ec39ef18efd11febcc25740cc05f0faefa6a0aff5fdfb55c8d05be66647a80a35b5393d18f471aea6ce0be62306731a

Download Submit
memory/2324-1339-0x0000000077020000-0x000000007713F000-memory.dmp

Filesize
1.1MB

Download
memory/2324-1340-0x0000000076F20000-0x000000007701A000-memory.dmp

Filesize
1000KB

Download
memory/2324-1616-0x0000000077020000-0x000000007713F000-memory.dmp

Filesize
1.1MB

Download
memory/2324-1617-0x0000000076F20000-0x000000007701A000-memory.dmp

Filesize
1000KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads