Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:40
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe
-
Size
65KB
-
MD5
8214cb432b0f8f87043cf183b9cc1907
-
SHA1
30bc370261e92e21d4bbee094f7abc925263243b
-
SHA256
a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02
-
SHA512
716d6ceb074fb80792febf33d674574e7e325ef105d55e8fdd3c60f2e88dfd1a37454819f01f7fe773a5703e872583b552c10b0f4449f82d3f3ba1f892967132
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIb0z6Mu/ePS3AyXmPh:ymb3NkkiQ3mdBjFI46TQyXmPh
Malware Config
Signatures
-
Detect Blackmoon payload 25 IoCs
resource yara_rule behavioral1/memory/1808-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2904-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2904-22-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2984-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2572-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2488-48-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2488-50-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2644-60-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2364-82-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2400-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2160-106-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2540-123-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1896-132-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2284-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/940-150-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1948-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2152-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1388-177-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1332-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2720-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/896-222-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1960-241-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/332-249-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2252-268-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/908-276-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 31 IoCs
resource yara_rule behavioral1/memory/1808-3-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2904-16-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2904-13-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2904-22-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2984-24-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2984-25-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2984-26-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2984-35-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2572-38-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2488-48-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2488-50-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2644-60-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2400-69-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2400-68-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2364-82-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2400-81-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2160-106-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2540-123-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1896-132-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2284-141-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/940-150-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1948-159-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2152-168-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1388-177-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral1/memory/1332-187-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2720-204-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/896-222-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/1960-241-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/332-249-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/2252-268-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral1/memory/908-276-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
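Executes dropped EXE 64 IoCs
(PIDs are reused during the run: 2488, 2284 and 2012 each appear below with two different image names, so correlate on image name and process-tree position rather than on PID alone.)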
pid Process 2904 rxbld.exe 2984 npjjhtl.exe 2572 lbpvhr.exe 2488 rptvln.exe 2644 xfdbnrl.exe 2400 bjdvjh.exe 2364 jtrxf.exe 2784 hjllx.exe 2160 vxvtld.exe 956 nfvpftl.exe 2540 jbfvpt.exe 1896 hfhxb.exe 2284 ltntft.exe 940 jbpptbf.exe 1948 ddvxtrj.exe 2152 bffhbff.exe 1388 prvbp.exe 1332 bppttf.exe 2012 tnxbtvf.exe 2720 tlfrhpb.exe 2172 pjvtrvr.exe 896 prdljlf.exe 2948 pbfpvbp.exe 1960 ffrvd.exe 332 ndtrhf.exe 700 fxnvjpr.exe 2252 rtvtrlr.exe 908 vtpxjdj.exe 1744 xxtbd.exe 2188 dtphrh.exe 2280 xpfxt.exe 2744 xjfnt.exe 2884 phhptl.exe 1724 rfhpbbj.exe 2100 vnxpdjl.exe 2848 vhfxjv.exe 2556 brrfjf.exe 2516 fdjlttl.exe 2624 jtthht.exe 2488 fpnpxtl.exe 2660 frddb.exe 2408 rtbhrfd.exe 2380 xxvllx.exe 2356 dpnrnh.exe 2788 jxndn.exe 1200 jhvpp.exe 572 ddrbx.exe 2656 ndbrn.exe 2760 fldbth.exe 2900 fnnnbb.exe 2336 nxllfjf.exe 2284 fptntnb.exe 1476 htddp.exe 1616 bbfjxj.exe 2332 tpjjdn.exe 876 drlnnlv.exe 2456 xhdpxp.exe 1368 bnrlxfj.exe 2012 bvjxv.exe 2156 vlvbjvj.exe 2728 hbllbx.exe 1060 rvlxl.exe 2928 ftntnf.exe 1456 dvjnbl.exe -
resource yara_rule behavioral1/memory/1808-3-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2904-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2904-22-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-25-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2984-35-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2572-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2488-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2488-50-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2644-60-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2400-69-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2400-68-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2364-82-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2400-81-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2160-106-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2540-123-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1896-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2284-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/940-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1948-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2152-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1388-177-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1332-187-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2720-204-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/896-222-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1960-241-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/332-249-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2252-268-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/908-276-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1808 wrote to memory of 2904 1808 a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe 28 PID 1808 wrote to memory of 2904 1808 a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe 28 PID 1808 wrote to memory of 2904 1808 a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe 28 PID 1808 wrote to memory of 2904 1808 a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe 28 PID 2904 wrote to memory of 2984 2904 rxbld.exe 29 PID 2904 wrote to memory of 2984 2904 rxbld.exe 29 PID 2904 wrote to memory of 2984 2904 rxbld.exe 29 PID 2904 wrote to memory of 2984 2904 rxbld.exe 29 PID 2984 wrote to memory of 2572 2984 npjjhtl.exe 30 PID 2984 wrote to memory of 2572 2984 npjjhtl.exe 30 PID 2984 wrote to memory of 2572 2984 npjjhtl.exe 30 PID 2984 wrote to memory of 2572 2984 npjjhtl.exe 30 PID 2572 wrote to memory of 2488 2572 lbpvhr.exe 31 PID 2572 wrote to memory of 2488 2572 lbpvhr.exe 31 PID 2572 wrote to memory of 2488 2572 lbpvhr.exe 31 PID 2572 wrote to memory of 2488 2572 lbpvhr.exe 31 PID 2488 wrote to memory of 2644 2488 rptvln.exe 32 PID 2488 wrote to memory of 2644 2488 rptvln.exe 32 PID 2488 wrote to memory of 2644 2488 rptvln.exe 32 PID 2488 wrote to memory of 2644 2488 rptvln.exe 32 PID 2644 wrote to memory of 2400 2644 xfdbnrl.exe 33 PID 2644 wrote to memory of 2400 2644 xfdbnrl.exe 33 PID 2644 wrote to memory of 2400 2644 xfdbnrl.exe 33 PID 2644 wrote to memory of 2400 2644 xfdbnrl.exe 33 PID 2400 wrote to memory of 2364 2400 bjdvjh.exe 34 PID 2400 wrote to memory of 2364 2400 bjdvjh.exe 34 PID 2400 wrote to memory of 2364 2400 bjdvjh.exe 34 PID 2400 wrote to memory of 2364 2400 bjdvjh.exe 34 PID 2364 wrote to memory of 2784 2364 jtrxf.exe 35 PID 2364 wrote to memory of 2784 2364 jtrxf.exe 35 PID 2364 wrote to memory of 2784 2364 jtrxf.exe 35 PID 2364 wrote to memory of 2784 2364 jtrxf.exe 35 PID 2784 wrote to memory of 2160 2784 hjllx.exe 36 PID 2784 wrote 
to memory of 2160 2784 hjllx.exe 36 PID 2784 wrote to memory of 2160 2784 hjllx.exe 36 PID 2784 wrote to memory of 2160 2784 hjllx.exe 36 PID 2160 wrote to memory of 956 2160 vxvtld.exe 37 PID 2160 wrote to memory of 956 2160 vxvtld.exe 37 PID 2160 wrote to memory of 956 2160 vxvtld.exe 37 PID 2160 wrote to memory of 956 2160 vxvtld.exe 37 PID 956 wrote to memory of 2540 956 nfvpftl.exe 38 PID 956 wrote to memory of 2540 956 nfvpftl.exe 38 PID 956 wrote to memory of 2540 956 nfvpftl.exe 38 PID 956 wrote to memory of 2540 956 nfvpftl.exe 38 PID 2540 wrote to memory of 1896 2540 jbfvpt.exe 39 PID 2540 wrote to memory of 1896 2540 jbfvpt.exe 39 PID 2540 wrote to memory of 1896 2540 jbfvpt.exe 39 PID 2540 wrote to memory of 1896 2540 jbfvpt.exe 39 PID 1896 wrote to memory of 2284 1896 hfhxb.exe 40 PID 1896 wrote to memory of 2284 1896 hfhxb.exe 40 PID 1896 wrote to memory of 2284 1896 hfhxb.exe 40 PID 1896 wrote to memory of 2284 1896 hfhxb.exe 40 PID 2284 wrote to memory of 940 2284 ltntft.exe 41 PID 2284 wrote to memory of 940 2284 ltntft.exe 41 PID 2284 wrote to memory of 940 2284 ltntft.exe 41 PID 2284 wrote to memory of 940 2284 ltntft.exe 41 PID 940 wrote to memory of 1948 940 jbpptbf.exe 42 PID 940 wrote to memory of 1948 940 jbpptbf.exe 42 PID 940 wrote to memory of 1948 940 jbpptbf.exe 42 PID 940 wrote to memory of 1948 940 jbpptbf.exe 42 PID 1948 wrote to memory of 2152 1948 ddvxtrj.exe 43 PID 1948 wrote to memory of 2152 1948 ddvxtrj.exe 43 PID 1948 wrote to memory of 2152 1948 ddvxtrj.exe 43 PID 1948 wrote to memory of 2152 1948 ddvxtrj.exe 43
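Processes
(Each entry below runs three fields together without separators: the image path, the command line and the process-tree depth, e.g. `\??\c:\rxbld.exe`, `c:\rxbld.exe`, depth 2. The file names end in `.exe`, not `.exec`.)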
-
C:\Users\Admin\AppData\Local\Temp\a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe"C:\Users\Admin\AppData\Local\Temp\a89d8e2a1996e5ba30d25815e86716fd5d71970975946d84fa0e4fb565c9df02.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1808 -
\??\c:\rxbld.exec:\rxbld.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\npjjhtl.exec:\npjjhtl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\lbpvhr.exec:\lbpvhr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2572 -
\??\c:\rptvln.exec:\rptvln.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\xfdbnrl.exec:\xfdbnrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\bjdvjh.exec:\bjdvjh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2400 -
\??\c:\jtrxf.exec:\jtrxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\hjllx.exec:\hjllx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\vxvtld.exec:\vxvtld.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2160 -
\??\c:\nfvpftl.exec:\nfvpftl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:956 -
\??\c:\jbfvpt.exec:\jbfvpt.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2540 -
\??\c:\hfhxb.exec:\hfhxb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1896 -
\??\c:\ltntft.exec:\ltntft.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\jbpptbf.exec:\jbpptbf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:940 -
\??\c:\ddvxtrj.exec:\ddvxtrj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1948 -
\??\c:\bffhbff.exec:\bffhbff.exe17⤵
- Executes dropped EXE
PID:2152 -
\??\c:\prvbp.exec:\prvbp.exe18⤵
- Executes dropped EXE
PID:1388 -
\??\c:\bppttf.exec:\bppttf.exe19⤵
- Executes dropped EXE
PID:1332 -
\??\c:\tnxbtvf.exec:\tnxbtvf.exe20⤵
- Executes dropped EXE
PID:2012 -
\??\c:\tlfrhpb.exec:\tlfrhpb.exe21⤵
- Executes dropped EXE
PID:2720 -
\??\c:\pjvtrvr.exec:\pjvtrvr.exe22⤵
- Executes dropped EXE
PID:2172 -
\??\c:\prdljlf.exec:\prdljlf.exe23⤵
- Executes dropped EXE
PID:896 -
\??\c:\pbfpvbp.exec:\pbfpvbp.exe24⤵
- Executes dropped EXE
PID:2948 -
\??\c:\ffrvd.exec:\ffrvd.exe25⤵
- Executes dropped EXE
PID:1960 -
\??\c:\ndtrhf.exec:\ndtrhf.exe26⤵
- Executes dropped EXE
PID:332 -
\??\c:\fxnvjpr.exec:\fxnvjpr.exe27⤵
- Executes dropped EXE
PID:700 -
\??\c:\rtvtrlr.exec:\rtvtrlr.exe28⤵
- Executes dropped EXE
PID:2252 -
\??\c:\vtpxjdj.exec:\vtpxjdj.exe29⤵
- Executes dropped EXE
PID:908 -
\??\c:\xxtbd.exec:\xxtbd.exe30⤵
- Executes dropped EXE
PID:1744 -
\??\c:\dtphrh.exec:\dtphrh.exe31⤵
- Executes dropped EXE
PID:2188 -
\??\c:\xpfxt.exec:\xpfxt.exe32⤵
- Executes dropped EXE
PID:2280 -
\??\c:\xjfnt.exec:\xjfnt.exe33⤵
- Executes dropped EXE
PID:2744 -
\??\c:\phhptl.exec:\phhptl.exe34⤵
- Executes dropped EXE
PID:2884 -
\??\c:\rfhpbbj.exec:\rfhpbbj.exe35⤵
- Executes dropped EXE
PID:1724 -
\??\c:\vnxpdjl.exec:\vnxpdjl.exe36⤵
- Executes dropped EXE
PID:2100 -
\??\c:\vhfxjv.exec:\vhfxjv.exe37⤵
- Executes dropped EXE
PID:2848 -
\??\c:\brrfjf.exec:\brrfjf.exe38⤵
- Executes dropped EXE
PID:2556 -
\??\c:\fdjlttl.exec:\fdjlttl.exe39⤵
- Executes dropped EXE
PID:2516 -
\??\c:\jtthht.exec:\jtthht.exe40⤵
- Executes dropped EXE
PID:2624 -
\??\c:\fpnpxtl.exec:\fpnpxtl.exe41⤵
- Executes dropped EXE
PID:2488 -
\??\c:\frddb.exec:\frddb.exe42⤵
- Executes dropped EXE
PID:2660 -
\??\c:\rtbhrfd.exec:\rtbhrfd.exe43⤵
- Executes dropped EXE
PID:2408 -
\??\c:\xxvllx.exec:\xxvllx.exe44⤵
- Executes dropped EXE
PID:2380 -
\??\c:\dpnrnh.exec:\dpnrnh.exe45⤵
- Executes dropped EXE
PID:2356 -
\??\c:\jxndn.exec:\jxndn.exe46⤵
- Executes dropped EXE
PID:2788 -
\??\c:\jhvpp.exec:\jhvpp.exe47⤵
- Executes dropped EXE
PID:1200 -
\??\c:\ddrbx.exec:\ddrbx.exe48⤵
- Executes dropped EXE
PID:572 -
\??\c:\ndbrn.exec:\ndbrn.exe49⤵
- Executes dropped EXE
PID:2656 -
\??\c:\fldbth.exec:\fldbth.exe50⤵
- Executes dropped EXE
PID:2760 -
\??\c:\fnnnbb.exec:\fnnnbb.exe51⤵
- Executes dropped EXE
PID:2900 -
\??\c:\nxllfjf.exec:\nxllfjf.exe52⤵
- Executes dropped EXE
PID:2336 -
\??\c:\fptntnb.exec:\fptntnb.exe53⤵
- Executes dropped EXE
PID:2284 -
\??\c:\htddp.exec:\htddp.exe54⤵
- Executes dropped EXE
PID:1476 -
\??\c:\bbfjxj.exec:\bbfjxj.exe55⤵
- Executes dropped EXE
PID:1616 -
\??\c:\tpjjdn.exec:\tpjjdn.exe56⤵
- Executes dropped EXE
PID:2332 -
\??\c:\drlnnlv.exec:\drlnnlv.exe57⤵
- Executes dropped EXE
PID:876 -
\??\c:\xhdpxp.exec:\xhdpxp.exe58⤵
- Executes dropped EXE
PID:2456 -
\??\c:\bnrlxfj.exec:\bnrlxfj.exe59⤵
- Executes dropped EXE
PID:1368 -
\??\c:\bvjxv.exec:\bvjxv.exe60⤵
- Executes dropped EXE
PID:2012 -
\??\c:\vlvbjvj.exec:\vlvbjvj.exe61⤵
- Executes dropped EXE
PID:2156 -
\??\c:\hbllbx.exec:\hbllbx.exe62⤵
- Executes dropped EXE
PID:2728 -
\??\c:\rvlxl.exec:\rvlxl.exe63⤵
- Executes dropped EXE
PID:1060 -
\??\c:\ftntnf.exec:\ftntnf.exe64⤵
- Executes dropped EXE
PID:2928 -
\??\c:\dvjnbl.exec:\dvjnbl.exe65⤵
- Executes dropped EXE
PID:1456 -
\??\c:\jrhdxt.exec:\jrhdxt.exe66⤵PID:484
-
\??\c:\npdltdb.exec:\npdltdb.exe67⤵PID:976
-
\??\c:\ddtdxl.exec:\ddtdxl.exe68⤵PID:1528
-
\??\c:\dnlxff.exec:\dnlxff.exe69⤵PID:1160
-
\??\c:\rtpbfj.exec:\rtpbfj.exe70⤵PID:2252
-
\??\c:\xvbhlrh.exec:\xvbhlrh.exe71⤵PID:1552
-
\??\c:\vvjlr.exec:\vvjlr.exe72⤵PID:1688
-
\??\c:\jrhdjvd.exec:\jrhdjvd.exe73⤵PID:1436
-
\??\c:\lxbvf.exec:\lxbvf.exe74⤵PID:1760
-
\??\c:\tlpjrb.exec:\tlpjrb.exe75⤵PID:2920
-
\??\c:\rbbdtf.exec:\rbbdtf.exe76⤵PID:2744
-
\??\c:\nrvrjt.exec:\nrvrjt.exe77⤵PID:2884
-
\??\c:\bxpxdjh.exec:\bxpxdjh.exe78⤵PID:1724
-
\??\c:\lrdxt.exec:\lrdxt.exe79⤵PID:1884
-
\??\c:\dblxrd.exec:\dblxrd.exe80⤵PID:2848
-
\??\c:\xhrhj.exec:\xhrhj.exe81⤵PID:2556
-
\??\c:\fvlvdf.exec:\fvlvdf.exe82⤵PID:2516
-
\??\c:\ftrdbd.exec:\ftrdbd.exe83⤵PID:2624
-
\??\c:\xlhnl.exec:\xlhnl.exe84⤵PID:2488
-
\??\c:\xpxlrj.exec:\xpxlrj.exe85⤵PID:2660
-
\??\c:\rftrjjb.exec:\rftrjjb.exe86⤵PID:2400
-
\??\c:\htdrv.exec:\htdrv.exe87⤵PID:2364
-
\??\c:\ddfvbtb.exec:\ddfvbtb.exe88⤵PID:2844
-
\??\c:\rtdhf.exec:\rtdhf.exe89⤵PID:1016
-
\??\c:\fvxxxf.exec:\fvxxxf.exe90⤵PID:2312
-
\??\c:\bddrp.exec:\bddrp.exe91⤵PID:776
-
\??\c:\bhtvv.exec:\bhtvv.exe92⤵PID:2664
-
\??\c:\ljjjjf.exec:\ljjjjf.exe93⤵PID:2760
-
\??\c:\nflttb.exec:\nflttb.exe94⤵PID:1708
-
\??\c:\jtbrn.exec:\jtbrn.exe95⤵PID:1940
-
\??\c:\hvdllf.exec:\hvdllf.exe96⤵PID:1080
-
\??\c:\ntflxhn.exec:\ntflxhn.exe97⤵PID:2272
-
\??\c:\rrxxfvv.exec:\rrxxfvv.exe98⤵PID:2152
-
\??\c:\jjfrpd.exec:\jjfrpd.exe99⤵PID:1488
-
\??\c:\hfxrr.exec:\hfxrr.exe100⤵PID:2300
-
\??\c:\vvrdxf.exec:\vvrdxf.exe101⤵PID:936
-
\??\c:\lxnnfr.exec:\lxnnfr.exe102⤵PID:1208
-
\??\c:\dnxfnr.exec:\dnxfnr.exe103⤵PID:568
-
\??\c:\rdlfplb.exec:\rdlfplb.exe104⤵PID:2712
-
\??\c:\ddbjnlr.exec:\ddbjnlr.exe105⤵PID:2552
-
\??\c:\bntnv.exec:\bntnv.exe106⤵PID:2936
-
\??\c:\vxvhddl.exec:\vxvhddl.exe107⤵PID:1964
-
\??\c:\tphvhhb.exec:\tphvhhb.exe108⤵PID:2948
-
\??\c:\tbftbp.exec:\tbftbp.exe109⤵PID:1252
-
\??\c:\xrhtx.exec:\xrhtx.exe110⤵PID:1540
-
\??\c:\lflbd.exec:\lflbd.exe111⤵PID:1212
-
\??\c:\bdtlnh.exec:\bdtlnh.exe112⤵PID:288
-
\??\c:\lfrxhd.exec:\lfrxhd.exe113⤵PID:2024
-
\??\c:\tprlprl.exec:\tprlprl.exe114⤵PID:1484
-
\??\c:\tpvjh.exec:\tpvjh.exe115⤵PID:1744
-
\??\c:\dpdlrn.exec:\dpdlrn.exe116⤵PID:1692
-
\??\c:\flpnt.exec:\flpnt.exe117⤵PID:2872
-
\??\c:\ptbdpdt.exec:\ptbdpdt.exe118⤵PID:2772
-
\??\c:\ldxlrp.exec:\ldxlrp.exe119⤵PID:1592
-
\??\c:\tfvbxrh.exec:\tfvbxrh.exe120⤵PID:2828
-
\??\c:\hxhtx.exec:\hxhtx.exe121⤵PID:2908
-
\??\c:\nfvtxh.exec:\nfvtxh.exe122⤵PID:2564
-