Analysis
-
max time kernel
129s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:08
Behavioral task
behavioral1
Sample
7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe
-
Size
464KB
-
MD5
652a714169341d3ca92b741068ae73b0
-
SHA1
18668e9b9bf28586ac96e0b71927033879529f10
-
SHA256
7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87
-
SHA512
2a0bdc5e58c3022911a964719d01275247190222505edd0572971b41d9867b50ebfcfd4dd9e7cab631f13ab107de061a949af3e5a3751ce5751e828c77292ac1
-
SSDEEP
12288:J4wFHoSTeR0oQRkay+eFp3IDvSbh5nPVP+OKaf1VB:VeR0oykayRFp3lztP+OKaf1VB
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/5096-8-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3200-6-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2944-13-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1344-20-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4788-25-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1020-31-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1456-37-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3888-43-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4060-54-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3736-61-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1624-91-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4468-97-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3684-117-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3208-128-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3232-194-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4356-196-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1596-202-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/652-221-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/436-229-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4640-256-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3696-271-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/236-291-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3460-338-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4952-342-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2504-287-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2712-276-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3264-274-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4356-346-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3348-267-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1204-242-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4504-217-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3284-210-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/432-209-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/5092-185-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4744-183-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4904-177-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3644-171-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1016-159-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4428-144-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2392-123-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4652-114-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2712-108-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/4012-98-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1136-84-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/984-79-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4284-62-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2960-353-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1340-366-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3140-373-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1480-375-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2552-390-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4496-409-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4280-441-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4800-476-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2404-495-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/3736-528-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4012-557-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2164-637-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4116-680-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4304-733-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/2112-761-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/1860-805-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon behavioral2/memory/4016-861-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon 
behavioral2/memory/4800-929-0x0000000000400000-0x000000000043A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 5096 dvvpj.exe 2944 rxfxxxx.exe 1344 hbbbtt.exe 4788 1hbbtb.exe 1020 djjjd.exe 1456 tthbnt.exe 3888 llxrffl.exe 4060 hbbbbb.exe 3736 vvjvv.exe 4284 7pvvv.exe 2552 fffxxxr.exe 984 7ttttt.exe 1136 jvddd.exe 1624 tthhbt.exe 4468 3bbttt.exe 4012 9hnnhh.exe 2712 bnbbbb.exe 4652 llfxrll.exe 3684 frxrfff.exe 2392 7nthhh.exe 3208 dvvpv.exe 1156 ddpvd.exe 4428 bhbbbb.exe 1904 vjjdv.exe 4756 nhnhhn.exe 3560 dpvpj.exe 1016 lrlfxxl.exe 3644 9lfrlrl.exe 4904 hhtttb.exe 4744 1dvvp.exe 5092 flfrlll.exe 3232 bnnnhh.exe 4356 pjjjd.exe 3704 fxxlffx.exe 1596 pvdjp.exe 432 ffrxxrf.exe 3284 btbbbh.exe 876 pdjjd.exe 4504 5rlfxxx.exe 652 9nttbh.exe 436 5bnntt.exe 4856 jvvjj.exe 2636 lrlfrfx.exe 3736 lffrrrl.exe 1512 hnhhhb.exe 1204 pddvp.exe 2424 5frlrfx.exe 2684 lxlfxxx.exe 4640 nhbhbb.exe 4612 ppvpp.exe 4668 dvvpd.exe 3348 3rllxff.exe 3264 tttnnn.exe 3696 ddjvp.exe 2712 frxlfxl.exe 4708 thbbbh.exe 2504 tttntn.exe 236 9ppjp.exe 3916 bthnnh.exe 736 vjddd.exe 1664 fxxxrrx.exe 3328 hbbhtb.exe 3352 pdpvd.exe 1904 lrrrllx.exe -
resource yara_rule behavioral2/memory/3200-0-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023289-4.dat upx behavioral2/memory/5096-8-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3200-6-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000800000002342e-11.dat upx behavioral2/memory/2944-13-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1344-20-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4788-25-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023434-28.dat upx behavioral2/memory/1020-31-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023436-36.dat upx behavioral2/memory/1456-37-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023433-24.dat upx behavioral2/memory/3888-43-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4060-49-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4060-54-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3736-61-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000700000002343c-72.dat upx behavioral2/memory/984-73-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000700000002343e-82.dat upx behavioral2/memory/1624-91-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000700000002343f-90.dat upx behavioral2/memory/4468-97-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023441-103.dat upx behavioral2/files/0x000d000000023388-109.dat upx behavioral2/memory/3684-117-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023442-126.dat upx behavioral2/memory/3208-128-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023443-133.dat upx 
behavioral2/files/0x000800000002342f-137.dat upx behavioral2/files/0x0007000000023444-141.dat upx behavioral2/files/0x000700000001d9e8-149.dat upx behavioral2/memory/3644-166-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000700000002344b-188.dat upx behavioral2/memory/3232-194-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4356-196-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1596-202-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/652-221-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/436-229-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4612-257-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4640-256-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3696-271-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/236-291-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3352-304-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3460-338-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4952-342-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2504-287-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2712-276-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3264-274-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3264-268-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/4356-346-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3348-267-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/2684-249-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/1204-242-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/436-225-0x0000000000400000-0x000000000043A000-memory.dmp upx 
behavioral2/memory/4504-217-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/3284-210-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/432-209-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/memory/5092-185-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x000700000002344a-184.dat upx behavioral2/memory/4744-183-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023449-178.dat upx behavioral2/memory/4904-177-0x0000000000400000-0x000000000043A000-memory.dmp upx behavioral2/files/0x0007000000023448-172.dat upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3200 wrote to memory of 5096 3200 7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe 161 PID 3200 wrote to memory of 5096 3200 7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe 161 PID 3200 wrote to memory of 5096 3200 7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe 161 PID 5096 wrote to memory of 2944 5096 dvvpj.exe 83 PID 5096 wrote to memory of 2944 5096 dvvpj.exe 83 PID 5096 wrote to memory of 2944 5096 dvvpj.exe 83 PID 2944 wrote to memory of 1344 2944 rxfxxxx.exe 164 PID 2944 wrote to memory of 1344 2944 rxfxxxx.exe 164 PID 2944 wrote to memory of 1344 2944 rxfxxxx.exe 164 PID 1344 wrote to memory of 4788 1344 hbbbtt.exe 85 PID 1344 wrote to memory of 4788 1344 hbbbtt.exe 85 PID 1344 wrote to memory of 4788 1344 hbbbtt.exe 85 PID 4788 wrote to memory of 1020 4788 1hbbtb.exe 86 PID 4788 wrote to memory of 1020 4788 1hbbtb.exe 86 PID 4788 wrote to memory of 1020 4788 1hbbtb.exe 86 PID 1020 wrote to memory of 1456 1020 djjjd.exe 87 PID 1020 wrote to memory of 1456 1020 djjjd.exe 87 PID 1020 wrote to memory of 1456 1020 djjjd.exe 87 PID 1456 wrote to memory of 3888 1456 tthbnt.exe 89 PID 1456 wrote to memory of 3888 1456 tthbnt.exe 89 PID 1456 wrote to memory of 3888 1456 tthbnt.exe 89 PID 3888 wrote to memory of 4060 3888 llxrffl.exe 90 PID 3888 wrote to memory of 4060 3888 llxrffl.exe 90 PID 3888 wrote to memory of 4060 3888 llxrffl.exe 90 PID 4060 wrote to memory of 3736 4060 hbbbbb.exe 129 PID 4060 wrote to memory of 3736 4060 hbbbbb.exe 129 PID 4060 wrote to memory of 3736 4060 hbbbbb.exe 129 PID 3736 wrote to memory of 4284 3736 vvjvv.exe 93 PID 3736 wrote to memory of 4284 3736 vvjvv.exe 93 PID 3736 wrote to memory of 4284 3736 vvjvv.exe 93 PID 4284 wrote to memory of 2552 4284 7pvvv.exe 94 PID 4284 wrote to memory of 2552 4284 7pvvv.exe 94 PID 4284 wrote to memory of 2552 4284 7pvvv.exe 94 PID 2552 wrote to memory of 984 2552 fffxxxr.exe 96 PID 2552 wrote 
to memory of 984 2552 fffxxxr.exe 96 PID 2552 wrote to memory of 984 2552 fffxxxr.exe 96 PID 984 wrote to memory of 1136 984 7ttttt.exe 97 PID 984 wrote to memory of 1136 984 7ttttt.exe 97 PID 984 wrote to memory of 1136 984 7ttttt.exe 97 PID 1136 wrote to memory of 1624 1136 jvddd.exe 98 PID 1136 wrote to memory of 1624 1136 jvddd.exe 98 PID 1136 wrote to memory of 1624 1136 jvddd.exe 98 PID 1624 wrote to memory of 4468 1624 tthhbt.exe 99 PID 1624 wrote to memory of 4468 1624 tthhbt.exe 99 PID 1624 wrote to memory of 4468 1624 tthhbt.exe 99 PID 4468 wrote to memory of 4012 4468 3bbttt.exe 100 PID 4468 wrote to memory of 4012 4468 3bbttt.exe 100 PID 4468 wrote to memory of 4012 4468 3bbttt.exe 100 PID 4012 wrote to memory of 2712 4012 9hnnhh.exe 101 PID 4012 wrote to memory of 2712 4012 9hnnhh.exe 101 PID 4012 wrote to memory of 2712 4012 9hnnhh.exe 101 PID 2712 wrote to memory of 4652 2712 bnbbbb.exe 103 PID 2712 wrote to memory of 4652 2712 bnbbbb.exe 103 PID 2712 wrote to memory of 4652 2712 bnbbbb.exe 103 PID 4652 wrote to memory of 3684 4652 llfxrll.exe 104 PID 4652 wrote to memory of 3684 4652 llfxrll.exe 104 PID 4652 wrote to memory of 3684 4652 llfxrll.exe 104 PID 3684 wrote to memory of 2392 3684 frxrfff.exe 105 PID 3684 wrote to memory of 2392 3684 frxrfff.exe 105 PID 3684 wrote to memory of 2392 3684 frxrfff.exe 105 PID 2392 wrote to memory of 3208 2392 7nthhh.exe 106 PID 2392 wrote to memory of 3208 2392 7nthhh.exe 106 PID 2392 wrote to memory of 3208 2392 7nthhh.exe 106 PID 3208 wrote to memory of 1156 3208 dvvpv.exe 107
Processes
-
C:\Users\Admin\AppData\Local\Temp\7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe"C:\Users\Admin\AppData\Local\Temp\7ba6e366baa2b94fa08942d82f75ab900964be3a90b5ab82726245da1e190b87.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3200 -
\??\c:\dvvpj.exec:\dvvpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5096 -
\??\c:\rxfxxxx.exec:\rxfxxxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\hbbbtt.exec:\hbbbtt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\1hbbtb.exec:\1hbbtb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4788 -
\??\c:\djjjd.exec:\djjjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1020 -
\??\c:\tthbnt.exec:\tthbnt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1456 -
\??\c:\llxrffl.exec:\llxrffl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3888 -
\??\c:\hbbbbb.exec:\hbbbbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4060 -
\??\c:\vvjvv.exec:\vvjvv.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3736 -
\??\c:\7pvvv.exec:\7pvvv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4284 -
\??\c:\fffxxxr.exec:\fffxxxr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\7ttttt.exec:\7ttttt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:984 -
\??\c:\jvddd.exec:\jvddd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1136 -
\??\c:\tthhbt.exec:\tthhbt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1624 -
\??\c:\3bbttt.exec:\3bbttt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4468 -
\??\c:\9hnnhh.exec:\9hnnhh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4012 -
\??\c:\bnbbbb.exec:\bnbbbb.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\llfxrll.exec:\llfxrll.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4652 -
\??\c:\frxrfff.exec:\frxrfff.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3684 -
\??\c:\7nthhh.exec:\7nthhh.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\dvvpv.exec:\dvvpv.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3208 -
\??\c:\ddpvd.exec:\ddpvd.exe23⤵
- Executes dropped EXE
PID:1156 -
\??\c:\bhbbbb.exec:\bhbbbb.exe24⤵
- Executes dropped EXE
PID:4428 -
\??\c:\vjjdv.exec:\vjjdv.exe25⤵
- Executes dropped EXE
PID:1904 -
\??\c:\nhnhhn.exec:\nhnhhn.exe26⤵
- Executes dropped EXE
PID:4756 -
\??\c:\dpvpj.exec:\dpvpj.exe27⤵
- Executes dropped EXE
PID:3560 -
\??\c:\lrlfxxl.exec:\lrlfxxl.exe28⤵
- Executes dropped EXE
PID:1016 -
\??\c:\9lfrlrl.exec:\9lfrlrl.exe29⤵
- Executes dropped EXE
PID:3644 -
\??\c:\hhtttb.exec:\hhtttb.exe30⤵
- Executes dropped EXE
PID:4904 -
\??\c:\1dvvp.exec:\1dvvp.exe31⤵
- Executes dropped EXE
PID:4744 -
\??\c:\flfrlll.exec:\flfrlll.exe32⤵
- Executes dropped EXE
PID:5092 -
\??\c:\bnnnhh.exec:\bnnnhh.exe33⤵
- Executes dropped EXE
PID:3232 -
\??\c:\pjjjd.exec:\pjjjd.exe34⤵
- Executes dropped EXE
PID:4356 -
\??\c:\fxxlffx.exec:\fxxlffx.exe35⤵
- Executes dropped EXE
PID:3704 -
\??\c:\pvdjp.exec:\pvdjp.exe36⤵
- Executes dropped EXE
PID:1596 -
\??\c:\ffrxxrf.exec:\ffrxxrf.exe37⤵
- Executes dropped EXE
PID:432 -
\??\c:\btbbbh.exec:\btbbbh.exe38⤵
- Executes dropped EXE
PID:3284 -
\??\c:\pdjjd.exec:\pdjjd.exe39⤵
- Executes dropped EXE
PID:876 -
\??\c:\5rlfxxx.exec:\5rlfxxx.exe40⤵
- Executes dropped EXE
PID:4504 -
\??\c:\9nttbh.exec:\9nttbh.exe41⤵
- Executes dropped EXE
PID:652 -
\??\c:\5bnntt.exec:\5bnntt.exe42⤵
- Executes dropped EXE
PID:436 -
\??\c:\jvvjj.exec:\jvvjj.exe43⤵
- Executes dropped EXE
PID:4856 -
\??\c:\lrlfrfx.exec:\lrlfrfx.exe44⤵
- Executes dropped EXE
PID:2636 -
\??\c:\lffrrrl.exec:\lffrrrl.exe45⤵
- Executes dropped EXE
PID:3736 -
\??\c:\hnhhhb.exec:\hnhhhb.exe46⤵
- Executes dropped EXE
PID:1512 -
\??\c:\pddvp.exec:\pddvp.exe47⤵
- Executes dropped EXE
PID:1204 -
\??\c:\5frlrfx.exec:\5frlrfx.exe48⤵
- Executes dropped EXE
PID:2424 -
\??\c:\lxlfxxx.exec:\lxlfxxx.exe49⤵
- Executes dropped EXE
PID:2684 -
\??\c:\nhbhbb.exec:\nhbhbb.exe50⤵
- Executes dropped EXE
PID:4640 -
\??\c:\ppvpp.exec:\ppvpp.exe51⤵
- Executes dropped EXE
PID:4612 -
\??\c:\dvvpd.exec:\dvvpd.exe52⤵
- Executes dropped EXE
PID:4668 -
\??\c:\3rllxff.exec:\3rllxff.exe53⤵
- Executes dropped EXE
PID:3348 -
\??\c:\tttnnn.exec:\tttnnn.exe54⤵
- Executes dropped EXE
PID:3264 -
\??\c:\ddjvp.exec:\ddjvp.exe55⤵
- Executes dropped EXE
PID:3696 -
\??\c:\frxlfxl.exec:\frxlfxl.exe56⤵
- Executes dropped EXE
PID:2712 -
\??\c:\thbbbh.exec:\thbbbh.exe57⤵
- Executes dropped EXE
PID:4708 -
\??\c:\tttntn.exec:\tttntn.exe58⤵
- Executes dropped EXE
PID:2504 -
\??\c:\9ppjp.exec:\9ppjp.exe59⤵
- Executes dropped EXE
PID:236 -
\??\c:\bthnnh.exec:\bthnnh.exe60⤵
- Executes dropped EXE
PID:3916 -
\??\c:\vjddd.exec:\vjddd.exe61⤵
- Executes dropped EXE
PID:736 -
\??\c:\fxxxrrx.exec:\fxxxrrx.exe62⤵
- Executes dropped EXE
PID:1664 -
\??\c:\hbbhtb.exec:\hbbhtb.exe63⤵
- Executes dropped EXE
PID:3328 -
\??\c:\pdpvd.exec:\pdpvd.exe64⤵
- Executes dropped EXE
PID:3352 -
\??\c:\lrrrllx.exec:\lrrrllx.exe65⤵
- Executes dropped EXE
PID:1904 -
\??\c:\ttbtbn.exec:\ttbtbn.exe66⤵PID:1540
-
\??\c:\vpvvv.exec:\vpvvv.exe67⤵PID:4872
-
\??\c:\flrfxxx.exec:\flrfxxx.exe68⤵PID:3672
-
\??\c:\9hhhhh.exec:\9hhhhh.exe69⤵PID:1896
-
\??\c:\ppvvv.exec:\ppvvv.exe70⤵PID:4800
-
\??\c:\ppdjd.exec:\ppdjd.exe71⤵PID:3400
-
\??\c:\ffxrffx.exec:\ffxrffx.exe72⤵PID:4796
-
\??\c:\nbthhh.exec:\nbthhh.exe73⤵PID:1668
-
\??\c:\vdjdv.exec:\vdjdv.exe74⤵PID:3460
-
\??\c:\pvdvp.exec:\pvdvp.exe75⤵PID:4952
-
\??\c:\xflrlll.exec:\xflrlll.exe76⤵PID:4356
-
\??\c:\ppjdp.exec:\ppjdp.exe77⤵PID:5096
-
\??\c:\7pvpv.exec:\7pvpv.exe78⤵PID:2960
-
\??\c:\rxrlfrr.exec:\rxrlfrr.exe79⤵PID:3620
-
\??\c:\thtnbh.exec:\thtnbh.exe80⤵PID:1344
-
\??\c:\ppvvj.exec:\ppvvj.exe81⤵PID:1376
-
\??\c:\rfxxflx.exec:\rfxxflx.exe82⤵PID:4648
-
\??\c:\btnhtt.exec:\btnhtt.exe83⤵PID:1340
-
\??\c:\ddvpv.exec:\ddvpv.exe84⤵PID:3140
-
\??\c:\xxflxlr.exec:\xxflxlr.exe85⤵PID:1480
-
\??\c:\tnnnnn.exec:\tnnnnn.exe86⤵PID:3588
-
\??\c:\pjdvv.exec:\pjdvv.exe87⤵PID:4492
-
\??\c:\dvjjv.exec:\dvjjv.exe88⤵PID:1392
-
\??\c:\dvdvp.exec:\dvdvp.exe89⤵PID:1852
-
\??\c:\lxfxxxx.exec:\lxfxxxx.exe90⤵PID:2552
-
\??\c:\5ntbbt.exec:\5ntbbt.exe91⤵PID:3692
-
\??\c:\jvjdv.exec:\jvjdv.exe92⤵PID:4180
-
\??\c:\3fllflr.exec:\3fllflr.exe93⤵PID:4032
-
\??\c:\bbhbbn.exec:\bbhbbn.exe94⤵PID:2388
-
\??\c:\1bbtbb.exec:\1bbtbb.exe95⤵PID:4496
-
\??\c:\llrlfxx.exec:\llrlfxx.exe96⤵PID:4508
-
\??\c:\tbbbnn.exec:\tbbbnn.exe97⤵PID:3852
-
\??\c:\vpvvv.exec:\vpvvv.exe98⤵PID:3464
-
\??\c:\djjjd.exec:\djjjd.exe99⤵PID:4892
-
\??\c:\xrrxrxx.exec:\xrrxrxx.exe100⤵PID:3964
-
\??\c:\bhbbhh.exec:\bhbbhh.exe101⤵PID:1832
-
\??\c:\vpjjj.exec:\vpjjj.exe102⤵PID:3832
-
\??\c:\vjvvv.exec:\vjvvv.exe103⤵PID:1244
-
\??\c:\lxxxxxx.exec:\lxxxxxx.exe104⤵PID:2312
-
\??\c:\ttnbbh.exec:\ttnbbh.exe105⤵PID:4280
-
\??\c:\7xllfll.exec:\7xllfll.exe106⤵PID:4608
-
\??\c:\9llfffx.exec:\9llfffx.exe107⤵PID:4944
-
\??\c:\hhhhnn.exec:\hhhhnn.exe108⤵PID:1664
-
\??\c:\jdppp.exec:\jdppp.exe109⤵PID:3328
-
\??\c:\fxllfrl.exec:\fxllfrl.exe110⤵PID:624
-
\??\c:\7rffxxx.exec:\7rffxxx.exe111⤵PID:1904
-
\??\c:\btnnhh.exec:\btnnhh.exe112⤵PID:1540
-
\??\c:\jpddv.exec:\jpddv.exe113⤵PID:3044
-
\??\c:\9rfxrll.exec:\9rfxrll.exe114⤵PID:1956
-
\??\c:\7bhbtb.exec:\7bhbtb.exe115⤵PID:3148
-
\??\c:\nnnntt.exec:\nnnntt.exe116⤵PID:4800
-
\??\c:\3jvvv.exec:\3jvvv.exe117⤵PID:3948
-
\??\c:\lrrlflf.exec:\lrrlflf.exe118⤵PID:2032
-
\??\c:\lxrfrll.exec:\lxrfrll.exe119⤵PID:4808
-
\??\c:\hhbnht.exec:\hhbnht.exe120⤵PID:3688
-
\??\c:\ppdvd.exec:\ppdvd.exe121⤵PID:3944
-
\??\c:\lxxlxxf.exec:\lxxlxxf.exe122⤵PID:3580
-