Analysis
-
max time kernel
150s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 00:47
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
95dacae897d29f9c07eece8cb6404ee483eb171c80602ed017a56c1298510cc1.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
95dacae897d29f9c07eece8cb6404ee483eb171c80602ed017a56c1298510cc1.exe
-
Size
414KB
-
MD5
77306c0ec501c7c6411d9446df0607a8
-
SHA1
497e97c489924197f0bc9ec4200b83bf813a16c8
-
SHA256
95dacae897d29f9c07eece8cb6404ee483eb171c80602ed017a56c1298510cc1
-
SHA512
24d946aca077e1a693e05c4286b4ba5d4b48c9ead931f558810d71c0b298125cece4ad070ca233116f051105aa5d87ca2300bbd3546c6b20ce523d42a0c6792b
-
SSDEEP
12288:n3C9ytvngQj4DtvnV9wLn9UTfC8eieJNBNIsYPB:SgdnJUdnV9h
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
UPX dump on OEP (original entry point) 29 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\95dacae897d29f9c07eece8cb6404ee483eb171c80602ed017a56c1298510cc1.exe"C:\Users\Admin\AppData\Local\Temp\95dacae897d29f9c07eece8cb6404ee483eb171c80602ed017a56c1298510cc1.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\flfnp.exec:\flfnp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2836 -
\??\c:\tdddtv.exec:\tdddtv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2632 -
\??\c:\tbvjj.exec:\tbvjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\nbjbtn.exec:\nbjbtn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3008 -
\??\c:\bdjdnn.exec:\bdjdnn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\hhdbhd.exec:\hhdbhd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\xhddb.exec:\xhddb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\pxntntb.exec:\pxntntb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:112 -
\??\c:\rdptrl.exec:\rdptrl.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2348 -
\??\c:\hpvjj.exec:\hpvjj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2800 -
\??\c:\bfddbj.exec:\bfddbj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2832 -
\??\c:\tpprxhr.exec:\tpprxhr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1848 -
\??\c:\jxxfbh.exec:\jxxfbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:952 -
\??\c:\hjnvnff.exec:\hjnvnff.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1032 -
\??\c:\ptfbdx.exec:\ptfbdx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\dfpbrbl.exec:\dfpbrbl.exe17⤵
- Executes dropped EXE
PID:2744 -
\??\c:\xvbnx.exec:\xvbnx.exe18⤵
- Executes dropped EXE
PID:1516 -
\??\c:\xvdjdf.exec:\xvdjdf.exe19⤵
- Executes dropped EXE
PID:2312 -
\??\c:\pdlhdx.exec:\pdlhdx.exe20⤵
- Executes dropped EXE
PID:2296 -
\??\c:\ltxttr.exec:\ltxttr.exe21⤵
- Executes dropped EXE
PID:2868 -
\??\c:\xlpxf.exec:\xlpxf.exe22⤵
- Executes dropped EXE
PID:3016 -
\??\c:\tnthx.exec:\tnthx.exe23⤵
- Executes dropped EXE
PID:2248 -
\??\c:\hblhjv.exec:\hblhjv.exe24⤵
- Executes dropped EXE
PID:3060 -
\??\c:\fplxd.exec:\fplxd.exe25⤵
- Executes dropped EXE
PID:2368 -
\??\c:\xpbrt.exec:\xpbrt.exe26⤵
- Executes dropped EXE
PID:1476 -
\??\c:\njvpx.exec:\njvpx.exe27⤵
- Executes dropped EXE
PID:1836 -
\??\c:\pljbvxb.exec:\pljbvxb.exe28⤵
- Executes dropped EXE
PID:2168 -
\??\c:\bfddv.exec:\bfddv.exe29⤵
- Executes dropped EXE
PID:916 -
\??\c:\jjdvvbh.exec:\jjdvvbh.exe30⤵
- Executes dropped EXE
PID:1824 -
\??\c:\pnxppx.exec:\pnxppx.exe31⤵
- Executes dropped EXE
PID:1316 -
\??\c:\rflvblj.exec:\rflvblj.exe32⤵
- Executes dropped EXE
PID:1748 -
\??\c:\ldrlrp.exec:\ldrlrp.exe33⤵
- Executes dropped EXE
PID:1632 -
\??\c:\fthhlrh.exec:\fthhlrh.exe34⤵
- Executes dropped EXE
PID:2952 -
\??\c:\jftnnt.exec:\jftnnt.exe35⤵
- Executes dropped EXE
PID:2912 -
\??\c:\dlhbn.exec:\dlhbn.exe36⤵PID:2568
-
\??\c:\jjlnvp.exec:\jjlnvp.exe37⤵
- Executes dropped EXE
PID:2692 -
\??\c:\bndhb.exec:\bndhb.exe38⤵
- Executes dropped EXE
PID:1788 -
\??\c:\plvrrd.exec:\plvrrd.exe39⤵
- Executes dropped EXE
PID:2552 -
\??\c:\xlbvr.exec:\xlbvr.exe40⤵
- Executes dropped EXE
PID:2564 -
\??\c:\njvdbpf.exec:\njvdbpf.exe41⤵
- Executes dropped EXE
PID:2448 -
\??\c:\rbfjnn.exec:\rbfjnn.exe42⤵
- Executes dropped EXE
PID:3008 -
\??\c:\xvnxnx.exec:\xvnxnx.exe43⤵
- Executes dropped EXE
PID:2468 -
\??\c:\lxppn.exec:\lxppn.exe44⤵
- Executes dropped EXE
PID:2488 -
\??\c:\vdtjfxd.exec:\vdtjfxd.exe45⤵
- Executes dropped EXE
PID:2496 -
\??\c:\fhrfx.exec:\fhrfx.exe46⤵
- Executes dropped EXE
PID:2936 -
\??\c:\tvfjft.exec:\tvfjft.exe47⤵
- Executes dropped EXE
PID:532 -
\??\c:\fpfvlr.exec:\fpfvlr.exe48⤵
- Executes dropped EXE
PID:240 -
\??\c:\lhjdhbf.exec:\lhjdhbf.exe49⤵
- Executes dropped EXE
PID:2816 -
\??\c:\lthbf.exec:\lthbf.exe50⤵
- Executes dropped EXE
PID:2940 -
\??\c:\bhxdtvr.exec:\bhxdtvr.exe51⤵
- Executes dropped EXE
PID:2828 -
\??\c:\bfpdf.exec:\bfpdf.exe52⤵
- Executes dropped EXE
PID:2012 -
\??\c:\tbrhdrh.exec:\tbrhdrh.exe53⤵
- Executes dropped EXE
PID:812 -
\??\c:\lhvlvp.exec:\lhvlvp.exe54⤵
- Executes dropped EXE
PID:952 -
\??\c:\pxvfblh.exec:\pxvfblh.exe55⤵
- Executes dropped EXE
PID:276 -
\??\c:\nxlptd.exec:\nxlptd.exe56⤵
- Executes dropped EXE
PID:2512 -
\??\c:\nfjhdv.exec:\nfjhdv.exe57⤵
- Executes dropped EXE
PID:2700 -
\??\c:\fjjjnp.exec:\fjjjnp.exe58⤵
- Executes dropped EXE
PID:1036 -
\??\c:\ddhprhj.exec:\ddhprhj.exe59⤵
- Executes dropped EXE
PID:1660 -
\??\c:\txrtjn.exec:\txrtjn.exe60⤵
- Executes dropped EXE
PID:468 -
\??\c:\htnnljh.exec:\htnnljh.exe61⤵
- Executes dropped EXE
PID:2860 -
\??\c:\ptbtblh.exec:\ptbtblh.exe62⤵
- Executes dropped EXE
PID:3032 -
\??\c:\jnbxxph.exec:\jnbxxph.exe63⤵
- Executes dropped EXE
PID:2076 -
\??\c:\vtnfr.exec:\vtnfr.exe64⤵
- Executes dropped EXE
PID:652 -
\??\c:\btjbbd.exec:\btjbbd.exe65⤵
- Executes dropped EXE
PID:400 -
\??\c:\rdpxp.exec:\rdpxp.exe66⤵
- Executes dropped EXE
PID:1852 -
\??\c:\jrjflh.exec:\jrjflh.exe67⤵PID:980
-
\??\c:\vdxbxx.exec:\vdxbxx.exe68⤵PID:856
-
\??\c:\xntdn.exec:\xntdn.exe69⤵PID:1140
-
\??\c:\vdhbrbx.exec:\vdhbrbx.exe70⤵PID:1820
-
\??\c:\jjpfvpl.exec:\jjpfvpl.exe71⤵PID:2168
-
\??\c:\brdxl.exec:\brdxl.exe72⤵PID:1204
-
\??\c:\pbrvrdb.exec:\pbrvrdb.exe73⤵PID:2140
-
\??\c:\xntfl.exec:\xntfl.exe74⤵PID:616
-
\??\c:\jfbltjr.exec:\jfbltjr.exe75⤵PID:1724
-
\??\c:\tpxhp.exec:\tpxhp.exe76⤵PID:2216
-
\??\c:\tlhffr.exec:\tlhffr.exe77⤵PID:1752
-
\??\c:\fxxbjvj.exec:\fxxbjvj.exe78⤵PID:2756
-
\??\c:\ddbppl.exec:\ddbppl.exe79⤵PID:2640
-
\??\c:\pfflrn.exec:\pfflrn.exe80⤵PID:2904
-
\??\c:\xjbpdd.exec:\xjbpdd.exe81⤵PID:1512
-
\??\c:\nhlbd.exec:\nhlbd.exe82⤵PID:2548
-
\??\c:\xhfndhl.exec:\xhfndhl.exe83⤵PID:2864
-
\??\c:\hdtfxrp.exec:\hdtfxrp.exe84⤵PID:2680
-
\??\c:\vpnxvpl.exec:\vpnxvpl.exe85⤵PID:2596
-
\??\c:\dbthv.exec:\dbthv.exe86⤵PID:2448
-
\??\c:\jrfhp.exec:\jrfhp.exe87⤵PID:3008
-
\??\c:\hxvnxpl.exec:\hxvnxpl.exe88⤵PID:2472
-
\??\c:\pvlhlvj.exec:\pvlhlvj.exe89⤵PID:2932
-
\??\c:\ntfvrnb.exec:\ntfvrnb.exe90⤵PID:436
-
\??\c:\xjxdh.exec:\xjxdh.exe91⤵PID:1960
-
\??\c:\dpfpp.exec:\dpfpp.exe92⤵PID:2780
-
\??\c:\vddtp.exec:\vddtp.exe93⤵PID:2824
-
\??\c:\tlrfvht.exec:\tlrfvht.exe94⤵PID:2816
-
\??\c:\frnhdx.exec:\frnhdx.exe95⤵PID:2252
-
\??\c:\nrpljfj.exec:\nrpljfj.exe96⤵PID:956
-
\??\c:\drfhl.exec:\drfhl.exe97⤵PID:1536
-
\??\c:\jrdplpd.exec:\jrdplpd.exe98⤵PID:1640
-
\??\c:\pxfjbhf.exec:\pxfjbhf.exe99⤵PID:804
-
\??\c:\lhxhb.exec:\lhxhb.exe100⤵PID:2716
-
\??\c:\bntjplp.exec:\bntjplp.exe101⤵PID:2744
-
\??\c:\flnlfnl.exec:\flnlfnl.exe102⤵PID:1620
-
\??\c:\ndbhvv.exec:\ndbhvv.exe103⤵PID:2392
-
\??\c:\vjnrht.exec:\vjnrht.exe104⤵PID:596
-
\??\c:\xlnflrb.exec:\xlnflrb.exe105⤵PID:2316
-
\??\c:\pjndjfp.exec:\pjndjfp.exe106⤵PID:780
-
\??\c:\hrtnnh.exec:\hrtnnh.exe107⤵PID:2040
-
\??\c:\fvtpld.exec:\fvtpld.exe108⤵PID:2044
-
\??\c:\lpndf.exec:\lpndf.exe109⤵PID:1148
-
\??\c:\dhhtl.exec:\dhhtl.exe110⤵PID:2052
-
\??\c:\prlfp.exec:\prlfp.exe111⤵PID:2368
-
\??\c:\trxhh.exec:\trxhh.exe112⤵PID:2036
-
\??\c:\xjjlhr.exec:\xjjlhr.exe113⤵PID:1060
-
\??\c:\vbrxf.exec:\vbrxf.exe114⤵PID:1972
-
\??\c:\dvpntb.exec:\dvpntb.exe115⤵PID:2156
-
\??\c:\jnnvrt.exec:\jnnvrt.exe116⤵PID:2168
-
\??\c:\jdbxt.exec:\jdbxt.exe117⤵PID:2892
-
\??\c:\lvptb.exec:\lvptb.exe118⤵PID:1932
-
\??\c:\jrrjt.exec:\jrrjt.exe119⤵PID:2340
-
\??\c:\dnjhfnv.exec:\dnjhfnv.exe120⤵PID:900
-
\??\c:\vrhrjxv.exec:\vrhrjxv.exe121⤵PID:2356
-
\??\c:\lffhph.exec:\lffhph.exe122⤵PID:1752