Analysis
-
max time kernel
150s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:00
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe
Resource
win7-20240221-en
6 signatures
150 seconds
General
-
Target
9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe
-
Size
128KB
-
MD5
b75064762f929b94deb0b25930dc20bf
-
SHA1
be427a3a4616c116fe1c8f5452ef7509d167b1f7
-
SHA256
9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1
-
SHA512
89efb04f0214392ed2bbd040758c20cb4b842f57d2bc57a9e155108cab2782aaf46c6aaf4e316954f57742a10be1f13303e263b07a0f59cb7a8da5bd914334cd
-
SSDEEP
3072:ymb3NkkiQ3mdBjFWXkj7afoHvmQ+EZMYX/x6gtN:n3C9BRW0j/uVEZFJvL
Malware Config
Signatures
-
Detect Blackmoon payload 28 IoCs
resource yara_rule behavioral2/memory/2000-13-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3712-18-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2356-24-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2000-15-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/948-39-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/948-38-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4424-93-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/732-111-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4548-117-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3324-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4648-141-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3396-147-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3596-154-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5116-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1636-165-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4116-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3936-208-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2776-189-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1592-183-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4264-178-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3288-135-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2192-105-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4884-99-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3032-88-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2868-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4524-55-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3416-32-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3664-4-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
UPX dump on OEP (original entry point) 33 IoCs
resource yara_rule behavioral2/memory/2000-13-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3712-18-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2356-24-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/948-39-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/948-38-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4424-93-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/732-111-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4548-117-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3324-129-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4648-141-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3396-147-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3596-154-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/5116-159-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1636-165-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4116-197-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3936-208-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2776-189-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/1592-183-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4264-178-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3288-135-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2192-105-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4884-99-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3032-88-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2868-78-0x0000000000400000-0x0000000000429000-memory.dmp UPX 
behavioral2/memory/2992-64-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2992-63-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2992-62-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/4524-55-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2052-48-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2052-47-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/2052-46-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3416-32-0x0000000000400000-0x0000000000429000-memory.dmp UPX behavioral2/memory/3664-4-0x0000000000400000-0x0000000000429000-memory.dmp UPX -
Executes dropped EXE 64 IoCs
pid Process 2000 9nnhbt.exe 3712 1ddvp.exe 2356 fxfrlxf.exe 3416 tbttbn.exe 948 vddpv.exe 2052 flxxxll.exe 4524 nbhnhb.exe 2992 ddjjd.exe 2088 lffxllr.exe 2868 nbnhnh.exe 3032 pvvjd.exe 4424 dppdd.exe 4884 1xxlfxr.exe 2192 1thhnn.exe 732 hnbtbb.exe 4548 pvpdd.exe 4464 rlfflfx.exe 3324 hhntnt.exe 3288 jdpdd.exe 4648 vdvjd.exe 3396 xxfxxll.exe 3596 3vdjd.exe 5116 jvvdv.exe 1636 ntbttt.exe 456 pvdpj.exe 4264 jdpdv.exe 1592 frxlfxr.exe 2776 hhhbbb.exe 4116 pjdvv.exe 2704 jvvdd.exe 3936 lrlxrlf.exe 4020 xxxrfxr.exe 4432 nnhtnh.exe 4572 1dvpj.exe 3696 xxfxllf.exe 3208 lfxfxxl.exe 396 7httbt.exe 4984 htbnbt.exe 3628 dpjdj.exe 244 flrrfff.exe 2604 xxrrrrx.exe 1652 hhbtnn.exe 4904 7vvdv.exe 5028 pdvvd.exe 1540 3xflrrr.exe 2588 vjpjv.exe 2608 ppjdp.exe 3896 xxfllrf.exe 2264 ffllrlx.exe 4424 tnnbbb.exe 4728 3pjdj.exe 4568 1djdp.exe 2224 lfxlffx.exe 1972 fxlxfxx.exe 5092 bthbtt.exe 716 9dvjd.exe 856 jdpjd.exe 1980 rrxrlrl.exe 4924 xrlfffr.exe 3468 7thtnh.exe 2892 httnbb.exe 2284 vpjvj.exe 3592 pjvdv.exe 1832 rlrfrrr.exe -
resource yara_rule behavioral2/memory/2000-13-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3712-18-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2356-24-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/948-39-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/948-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4424-93-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/732-111-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4548-117-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3324-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4648-141-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3396-147-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3596-154-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/5116-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1636-165-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4116-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3936-208-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2776-189-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/1592-183-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4264-178-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3288-135-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2192-105-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4884-99-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3032-88-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2868-78-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral2/memory/2992-64-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2992-63-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2992-62-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/4524-55-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2052-48-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2052-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/2052-46-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3416-32-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral2/memory/3664-4-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3664 wrote to memory of 2000 3664 9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe 82 PID 3664 wrote to memory of 2000 3664 9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe 82 PID 3664 wrote to memory of 2000 3664 9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe 82 PID 2000 wrote to memory of 3712 2000 9nnhbt.exe 83 PID 2000 wrote to memory of 3712 2000 9nnhbt.exe 83 PID 2000 wrote to memory of 3712 2000 9nnhbt.exe 83 PID 3712 wrote to memory of 2356 3712 1ddvp.exe 84 PID 3712 wrote to memory of 2356 3712 1ddvp.exe 84 PID 3712 wrote to memory of 2356 3712 1ddvp.exe 84 PID 2356 wrote to memory of 3416 2356 fxfrlxf.exe 85 PID 2356 wrote to memory of 3416 2356 fxfrlxf.exe 85 PID 2356 wrote to memory of 3416 2356 fxfrlxf.exe 85 PID 3416 wrote to memory of 948 3416 tbttbn.exe 86 PID 3416 wrote to memory of 948 3416 tbttbn.exe 86 PID 3416 wrote to memory of 948 3416 tbttbn.exe 86 PID 948 wrote to memory of 2052 948 vddpv.exe 87 PID 948 wrote to memory of 2052 948 vddpv.exe 87 PID 948 wrote to memory of 2052 948 vddpv.exe 87 PID 2052 wrote to memory of 4524 2052 flxxxll.exe 88 PID 2052 wrote to memory of 4524 2052 flxxxll.exe 88 PID 2052 wrote to memory of 4524 2052 flxxxll.exe 88 PID 4524 wrote to memory of 2992 4524 nbhnhb.exe 89 PID 4524 wrote to memory of 2992 4524 nbhnhb.exe 89 PID 4524 wrote to memory of 2992 4524 nbhnhb.exe 89 PID 2992 wrote to memory of 2088 2992 ddjjd.exe 90 PID 2992 wrote to memory of 2088 2992 ddjjd.exe 90 PID 2992 wrote to memory of 2088 2992 ddjjd.exe 90 PID 2088 wrote to memory of 2868 2088 lffxllr.exe 175 PID 2088 wrote to memory of 2868 2088 lffxllr.exe 175 PID 2088 wrote to memory of 2868 2088 lffxllr.exe 175 PID 2868 wrote to memory of 3032 2868 nbnhnh.exe 92 PID 2868 wrote to memory of 3032 2868 nbnhnh.exe 92 PID 2868 wrote to memory of 3032 2868 nbnhnh.exe 92 PID 3032 wrote to memory of 4424 3032 pvvjd.exe 93 PID 3032 wrote to memory 
of 4424 3032 pvvjd.exe 93 PID 3032 wrote to memory of 4424 3032 pvvjd.exe 93 PID 4424 wrote to memory of 4884 4424 dppdd.exe 94 PID 4424 wrote to memory of 4884 4424 dppdd.exe 94 PID 4424 wrote to memory of 4884 4424 dppdd.exe 94 PID 4884 wrote to memory of 2192 4884 1xxlfxr.exe 96 PID 4884 wrote to memory of 2192 4884 1xxlfxr.exe 96 PID 4884 wrote to memory of 2192 4884 1xxlfxr.exe 96 PID 2192 wrote to memory of 732 2192 1thhnn.exe 181 PID 2192 wrote to memory of 732 2192 1thhnn.exe 181 PID 2192 wrote to memory of 732 2192 1thhnn.exe 181 PID 732 wrote to memory of 4548 732 hnbtbb.exe 98 PID 732 wrote to memory of 4548 732 hnbtbb.exe 98 PID 732 wrote to memory of 4548 732 hnbtbb.exe 98 PID 4548 wrote to memory of 4464 4548 pvpdd.exe 99 PID 4548 wrote to memory of 4464 4548 pvpdd.exe 99 PID 4548 wrote to memory of 4464 4548 pvpdd.exe 99 PID 4464 wrote to memory of 3324 4464 rlfflfx.exe 101 PID 4464 wrote to memory of 3324 4464 rlfflfx.exe 101 PID 4464 wrote to memory of 3324 4464 rlfflfx.exe 101 PID 3324 wrote to memory of 3288 3324 hhntnt.exe 102 PID 3324 wrote to memory of 3288 3324 hhntnt.exe 102 PID 3324 wrote to memory of 3288 3324 hhntnt.exe 102 PID 3288 wrote to memory of 4648 3288 jdpdd.exe 103 PID 3288 wrote to memory of 4648 3288 jdpdd.exe 103 PID 3288 wrote to memory of 4648 3288 jdpdd.exe 103 PID 4648 wrote to memory of 3396 4648 vdvjd.exe 104 PID 4648 wrote to memory of 3396 4648 vdvjd.exe 104 PID 4648 wrote to memory of 3396 4648 vdvjd.exe 104 PID 3396 wrote to memory of 3596 3396 xxfxxll.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe "C:\Users\Admin\AppData\Local\Temp\9a48c999223e73edafd6389e1fb42329e2d91fa6b47fd3549c31630d2ebf0cb1.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:3664 -
\??\c:\9nnhbt.exec:\9nnhbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\1ddvp.exec:\1ddvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3712 -
\??\c:\fxfrlxf.exec:\fxfrlxf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2356 -
\??\c:\tbttbn.exec:\tbttbn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3416 -
\??\c:\vddpv.exec:\vddpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:948 -
\??\c:\flxxxll.exec:\flxxxll.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\nbhnhb.exec:\nbhnhb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4524 -
\??\c:\ddjjd.exec:\ddjjd.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2992 -
\??\c:\lffxllr.exec:\lffxllr.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2088 -
\??\c:\nbnhnh.exec:\nbnhnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868 -
\??\c:\pvvjd.exec:\pvvjd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\dppdd.exec:\dppdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4424 -
\??\c:\1xxlfxr.exec:\1xxlfxr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4884 -
\??\c:\1thhnn.exec:\1thhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2192 -
\??\c:\hnbtbb.exec:\hnbtbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:732 -
\??\c:\pvpdd.exec:\pvpdd.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4548 -
\??\c:\rlfflfx.exec:\rlfflfx.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4464 -
\??\c:\hhntnt.exec:\hhntnt.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3324 -
\??\c:\jdpdd.exec:\jdpdd.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3288 -
\??\c:\vdvjd.exec:\vdvjd.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4648 -
\??\c:\xxfxxll.exec:\xxfxxll.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3396 -
\??\c:\3vdjd.exec:\3vdjd.exe23⤵
- Executes dropped EXE
PID:3596 -
\??\c:\jvvdv.exec:\jvvdv.exe24⤵
- Executes dropped EXE
PID:5116 -
\??\c:\ntbttt.exec:\ntbttt.exe25⤵
- Executes dropped EXE
PID:1636 -
\??\c:\pvdpj.exec:\pvdpj.exe26⤵
- Executes dropped EXE
PID:456 -
\??\c:\jdpdv.exec:\jdpdv.exe27⤵
- Executes dropped EXE
PID:4264 -
\??\c:\frxlfxr.exec:\frxlfxr.exe28⤵
- Executes dropped EXE
PID:1592 -
\??\c:\hhhbbb.exec:\hhhbbb.exe29⤵
- Executes dropped EXE
PID:2776 -
\??\c:\pjdvv.exec:\pjdvv.exe30⤵
- Executes dropped EXE
PID:4116 -
\??\c:\jvvdd.exec:\jvvdd.exe31⤵
- Executes dropped EXE
PID:2704 -
\??\c:\lrlxrlf.exec:\lrlxrlf.exe32⤵
- Executes dropped EXE
PID:3936 -
\??\c:\xxxrfxr.exec:\xxxrfxr.exe33⤵
- Executes dropped EXE
PID:4020 -
\??\c:\nnhtnh.exec:\nnhtnh.exe34⤵
- Executes dropped EXE
PID:4432 -
\??\c:\1dvpj.exec:\1dvpj.exe35⤵
- Executes dropped EXE
PID:4572 -
\??\c:\xxfxllf.exec:\xxfxllf.exe36⤵
- Executes dropped EXE
PID:3696 -
\??\c:\lfxfxxl.exec:\lfxfxxl.exe37⤵
- Executes dropped EXE
PID:3208 -
\??\c:\7httbt.exec:\7httbt.exe38⤵
- Executes dropped EXE
PID:396 -
\??\c:\htbnbt.exec:\htbnbt.exe39⤵
- Executes dropped EXE
PID:4984 -
\??\c:\dpjdj.exec:\dpjdj.exe40⤵
- Executes dropped EXE
PID:3628 -
\??\c:\flrrfff.exec:\flrrfff.exe41⤵
- Executes dropped EXE
PID:244 -
\??\c:\xxrrrrx.exec:\xxrrrrx.exe42⤵
- Executes dropped EXE
PID:2604 -
\??\c:\hhbtnn.exec:\hhbtnn.exe43⤵
- Executes dropped EXE
PID:1652 -
\??\c:\7vvdv.exec:\7vvdv.exe44⤵
- Executes dropped EXE
PID:4904 -
\??\c:\pdvvd.exec:\pdvvd.exe45⤵
- Executes dropped EXE
PID:5028 -
\??\c:\3xflrrr.exec:\3xflrrr.exe46⤵
- Executes dropped EXE
PID:1540 -
\??\c:\vjpjv.exec:\vjpjv.exe47⤵
- Executes dropped EXE
PID:2588 -
\??\c:\ppjdp.exec:\ppjdp.exe48⤵
- Executes dropped EXE
PID:2608 -
\??\c:\xxfllrf.exec:\xxfllrf.exe49⤵
- Executes dropped EXE
PID:3896 -
\??\c:\ffllrlx.exec:\ffllrlx.exe50⤵
- Executes dropped EXE
PID:2264 -
\??\c:\tnnbbb.exec:\tnnbbb.exe51⤵
- Executes dropped EXE
PID:4424 -
\??\c:\3pjdj.exec:\3pjdj.exe52⤵
- Executes dropped EXE
PID:4728 -
\??\c:\1djdp.exec:\1djdp.exe53⤵
- Executes dropped EXE
PID:4568 -
\??\c:\lfxlffx.exec:\lfxlffx.exe54⤵
- Executes dropped EXE
PID:2224 -
\??\c:\fxlxfxx.exec:\fxlxfxx.exe55⤵
- Executes dropped EXE
PID:1972 -
\??\c:\bthbtt.exec:\bthbtt.exe56⤵
- Executes dropped EXE
PID:5092 -
\??\c:\9dvjd.exec:\9dvjd.exe57⤵
- Executes dropped EXE
PID:716 -
\??\c:\jdpjd.exec:\jdpjd.exe58⤵
- Executes dropped EXE
PID:856 -
\??\c:\rrxrlrl.exec:\rrxrlrl.exe59⤵
- Executes dropped EXE
PID:1980 -
\??\c:\xrlfffr.exec:\xrlfffr.exe60⤵
- Executes dropped EXE
PID:4924 -
\??\c:\7thtnh.exec:\7thtnh.exe61⤵
- Executes dropped EXE
PID:3468 -
\??\c:\httnbb.exec:\httnbb.exe62⤵
- Executes dropped EXE
PID:2892 -
\??\c:\vpjvj.exec:\vpjvj.exe63⤵
- Executes dropped EXE
PID:2284 -
\??\c:\pjvdv.exec:\pjvdv.exe64⤵
- Executes dropped EXE
PID:3592 -
\??\c:\rlrfrrr.exec:\rlrfrrr.exe65⤵
- Executes dropped EXE
PID:1832 -
\??\c:\lfllxxr.exec:\lfllxxr.exe66⤵PID:636
-
\??\c:\thbtnh.exec:\thbtnh.exe67⤵PID:4560
-
\??\c:\dddvj.exec:\dddvj.exe68⤵PID:3984
-
\??\c:\jpdvj.exec:\jpdvj.exe69⤵PID:4264
-
\??\c:\rlxllff.exec:\rlxllff.exe70⤵PID:3316
-
\??\c:\frlfxxr.exec:\frlfxxr.exe71⤵PID:2776
-
\??\c:\tbhbht.exec:\tbhbht.exe72⤵PID:2292
-
\??\c:\jpdjj.exec:\jpdjj.exe73⤵PID:2704
-
\??\c:\frlrfxr.exec:\frlrfxr.exe74⤵PID:4740
-
\??\c:\bbtnnh.exec:\bbtnnh.exe75⤵PID:1336
-
\??\c:\nbbtnh.exec:\nbbtnh.exe76⤵PID:4496
-
\??\c:\dpvpj.exec:\dpvpj.exe77⤵PID:4432
-
\??\c:\ddvjj.exec:\ddvjj.exe78⤵PID:3580
-
\??\c:\llxllff.exec:\llxllff.exe79⤵PID:3056
-
\??\c:\hbbtth.exec:\hbbtth.exe80⤵PID:2700
-
\??\c:\tthbbh.exec:\tthbbh.exe81⤵PID:5052
-
\??\c:\vvvjd.exec:\vvvjd.exe82⤵PID:396
-
\??\c:\ppjvj.exec:\ppjvj.exe83⤵PID:2636
-
\??\c:\rfxxrfl.exec:\rfxxrfl.exe84⤵PID:5004
-
\??\c:\flllllr.exec:\flllllr.exe85⤵PID:1228
-
\??\c:\bntnnn.exec:\bntnnn.exe86⤵PID:376
-
\??\c:\nnbtbt.exec:\nnbtbt.exe87⤵PID:3424
-
\??\c:\dppdv.exec:\dppdv.exe88⤵PID:3760
-
\??\c:\ppppj.exec:\ppppj.exe89⤵PID:3120
-
\??\c:\xxlfxxr.exec:\xxlfxxr.exe90⤵PID:2204
-
\??\c:\tnbnhh.exec:\tnbnhh.exe91⤵PID:2032
-
\??\c:\9bnbtn.exec:\9bnbtn.exe92⤵PID:2868
-
\??\c:\pvvvd.exec:\pvvvd.exe93⤵PID:4836
-
\??\c:\lrrfxxl.exec:\lrrfxxl.exe94⤵PID:2264
-
\??\c:\flffffr.exec:\flffffr.exe95⤵PID:3196
-
\??\c:\9bnhhh.exec:\9bnhhh.exe96⤵PID:1424
-
\??\c:\ppjvv.exec:\ppjvv.exe97⤵PID:2228
-
\??\c:\xlffxlf.exec:\xlffxlf.exe98⤵PID:732
-
\??\c:\bhhhtn.exec:\bhhhtn.exe99⤵PID:1972
-
\??\c:\vvvvv.exec:\vvvvv.exe100⤵PID:3168
-
\??\c:\9vdjj.exec:\9vdjj.exe101⤵PID:4128
-
\??\c:\fxfxffl.exec:\fxfxffl.exe102⤵PID:4312
-
\??\c:\tnhbnt.exec:\tnhbnt.exe103⤵PID:2028
-
\??\c:\jdjjd.exec:\jdjjd.exe104⤵PID:3856
-
\??\c:\7rxxlrr.exec:\7rxxlrr.exe105⤵PID:3468
-
\??\c:\hhhbtn.exec:\hhhbtn.exe106⤵PID:2984
-
\??\c:\vdjpp.exec:\vdjpp.exe107⤵PID:3900
-
\??\c:\lxfxrll.exec:\lxfxrll.exe108⤵PID:3668
-
\??\c:\hhhbnt.exec:\hhhbnt.exe109⤵PID:684
-
\??\c:\bbnttb.exec:\bbnttb.exe110⤵PID:4276
-
\??\c:\dpvdd.exec:\dpvdd.exe111⤵PID:4912
-
\??\c:\frxxrrl.exec:\frxxrrl.exe112⤵PID:3264
-
\??\c:\rfrfrrr.exec:\rfrfrrr.exe113⤵PID:1448
-
\??\c:\9nttbb.exec:\9nttbb.exe114⤵PID:5068
-
\??\c:\ddvdv.exec:\ddvdv.exe115⤵PID:3876
-
\??\c:\jvvpp.exec:\jvvpp.exe116⤵PID:4848
-
\??\c:\dvppp.exec:\dvppp.exe117⤵PID:3992
-
\??\c:\flxrrlr.exec:\flxrrlr.exe118⤵PID:4896
-
\??\c:\nththh.exec:\nththh.exe119⤵PID:4804
-
\??\c:\nnbhbn.exec:\nnbhbn.exe120⤵PID:3780
-
\??\c:\ddvvv.exec:\ddvvv.exe121⤵PID:2652
-
\??\c:\rfxffff.exec:\rfxffff.exe122⤵PID:760
-