Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe
-
Size
213KB
-
MD5
54f43078ac9a4bcd240e21576a737316
-
SHA1
e77c8928fd46f0b3acaedf104ac8cff26ba3b7e1
-
SHA256
d90501b1dff26447677b837d6634b3c7a5a0111e0be0364fe3eccd6c8234c274
-
SHA512
2f4dd1f3c1b84c61e8fdd7c8fb791d25bcd04149ea0a9b6b0bf459a9b40c5fa70bef6afab0564c3d12cbefd37034e279adae1c679ffa6f23e3cf312d78600d22
-
SSDEEP
1536:evQBeOGtrYSSsrc93UBIfdC67m6AJiqzgLrTKBk3IU39TeYmKq:ehOm2sI93UufdC67ciRLPvx3teYmt
Malware Config
Signatures
-
Detect Blackmoon payload 42 IoCs
resource yara_rule behavioral1/memory/1984-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2644-18-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2912-27-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2620-35-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2488-45-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2052-53-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1652-63-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2356-72-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2356-67-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/2824-89-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2444-101-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2084-124-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/284-133-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2108-143-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1700-155-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2232-153-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1976-167-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2020-166-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1892-191-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2332-201-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1720-222-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/1832-220-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1320-245-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/3020-278-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1424-290-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1524-303-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2628-328-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2812-368-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1356-427-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/2100-434-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2720-449-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1132-523-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1604-525-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1840-550-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2368-640-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1552-931-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2328-944-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1748-971-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2440-1144-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1244-1234-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2664-1237-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2276-1298-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2644 hbbtnb.exe 2912 jdjpp.exe 2620 rflrrxl.exe 2488 htbttn.exe 2052 9jddj.exe 1652 xrxrxxr.exe 2356 htbnth.exe 2528 7jpjj.exe 2824 flxrrxf.exe 1280 nhtbhh.exe 2444 pjvdd.exe 2692 1djvd.exe 2084 ffxrxfr.exe 284 thtttb.exe 2108 1dvpp.exe 2232 pdjjp.exe 1700 xlxxffl.exe 2020 thbtbt.exe 1976 9jddj.exe 1636 dppjd.exe 1892 lxflrll.exe 2332 tbhnhh.exe 588 vpdjj.exe 1832 vjvdv.exe 1720 9lfrxxx.exe 1604 thnntt.exe 1320 vjjdd.exe 304 9lflllr.exe 2064 btbhtn.exe 2776 pddvv.exe 3020 jpvpd.exe 1916 fxflllx.exe 1424 tbttbb.exe 2208 pddvv.exe 1524 dvddv.exe 2448 7lrxxll.exe 2644 xxrrflf.exe 2628 bhtttn.exe 2740 vjjdd.exe 2516 jpvjd.exe 2488 1xlflff.exe 2052 5xlffrx.exe 2352 jjvdd.exe 2416 dvjpp.exe 2812 xlrflrf.exe 640 xrlrlrf.exe 1356 9thtnh.exe 2424 bnhbhb.exe 2696 ddjvv.exe 328 fxrxxfl.exe 1436 lfrxffl.exe 1212 nhnbhn.exe 2132 3jdjj.exe 2100 1ddpv.exe 2120 1rfflrf.exe 2232 fxrxflr.exe 2720 ttbhnh.exe 2036 jdvdp.exe 1688 fxxffll.exe 2200 ffrlxff.exe 1896 thttbh.exe 1364 jdpvj.exe 684 pjdvv.exe 648 frllrxf.exe -
resource yara_rule behavioral1/memory/1984-0-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1984-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2644-9-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2644-18-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2912-27-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2620-35-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2488-45-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2052-53-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1652-63-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2356-72-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2824-89-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2444-101-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2084-124-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/284-133-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/284-134-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/2108-143-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1700-155-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2232-153-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1976-167-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2020-166-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1892-191-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2332-201-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/588-203-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1720-222-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/1832-220-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1320-245-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1424-290-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1524-303-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2644-315-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2628-328-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2352-353-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2416-360-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2812-368-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/640-374-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/328-400-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1212-413-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2100-434-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2720-449-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2200-466-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1364-479-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/648-492-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1132-523-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1604-525-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2180-531-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1840-550-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/896-570-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2216-583-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2368-640-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/640-665-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2016-721-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2332-765-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/536-772-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1460-797-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/880-816-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2736-892-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2072-899-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2520-906-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1552-931-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2328-944-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2656-951-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2696-964-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1748-971-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1548-984-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2024-1021-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1984 wrote to memory of 2644 1984 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 28 PID 1984 wrote to memory of 2644 1984 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 28 PID 1984 wrote to memory of 2644 1984 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 28 PID 1984 wrote to memory of 2644 1984 54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe 28 PID 2644 wrote to memory of 2912 2644 hbbtnb.exe 29 PID 2644 wrote to memory of 2912 2644 hbbtnb.exe 29 PID 2644 wrote to memory of 2912 2644 hbbtnb.exe 29 PID 2644 wrote to memory of 2912 2644 hbbtnb.exe 29 PID 2912 wrote to memory of 2620 2912 jdjpp.exe 30 PID 2912 wrote to memory of 2620 2912 jdjpp.exe 30 PID 2912 wrote to memory of 2620 2912 jdjpp.exe 30 PID 2912 wrote to memory of 2620 2912 jdjpp.exe 30 PID 2620 wrote to memory of 2488 2620 rflrrxl.exe 31 PID 2620 wrote to memory of 2488 2620 rflrrxl.exe 31 PID 2620 wrote to memory of 2488 2620 rflrrxl.exe 31 PID 2620 wrote to memory of 2488 2620 rflrrxl.exe 31 PID 2488 wrote to memory of 2052 2488 htbttn.exe 32 PID 2488 wrote to memory of 2052 2488 htbttn.exe 32 PID 2488 wrote to memory of 2052 2488 htbttn.exe 32 PID 2488 wrote to memory of 2052 2488 htbttn.exe 32 PID 2052 wrote to memory of 1652 2052 9jddj.exe 33 PID 2052 wrote to memory of 1652 2052 9jddj.exe 33 PID 2052 wrote to memory of 1652 2052 9jddj.exe 33 PID 2052 wrote to memory of 1652 2052 9jddj.exe 33 PID 1652 wrote to memory of 2356 1652 xrxrxxr.exe 34 PID 1652 wrote to memory of 2356 1652 xrxrxxr.exe 34 PID 1652 wrote to memory of 2356 1652 xrxrxxr.exe 34 PID 1652 wrote to memory of 2356 1652 xrxrxxr.exe 34 PID 2356 wrote to memory of 2528 2356 htbnth.exe 35 PID 2356 wrote to memory of 2528 2356 htbnth.exe 35 PID 2356 wrote to memory of 2528 2356 htbnth.exe 35 PID 2356 wrote to memory of 2528 2356 htbnth.exe 35 PID 2528 wrote to memory of 2824 2528 7jpjj.exe 36 PID 2528 wrote to memory of 2824 2528 7jpjj.exe 36 PID 2528 wrote to memory of 2824 
2528 7jpjj.exe 36 PID 2528 wrote to memory of 2824 2528 7jpjj.exe 36 PID 2824 wrote to memory of 1280 2824 flxrrxf.exe 37 PID 2824 wrote to memory of 1280 2824 flxrrxf.exe 37 PID 2824 wrote to memory of 1280 2824 flxrrxf.exe 37 PID 2824 wrote to memory of 1280 2824 flxrrxf.exe 37 PID 1280 wrote to memory of 2444 1280 nhtbhh.exe 38 PID 1280 wrote to memory of 2444 1280 nhtbhh.exe 38 PID 1280 wrote to memory of 2444 1280 nhtbhh.exe 38 PID 1280 wrote to memory of 2444 1280 nhtbhh.exe 38 PID 2444 wrote to memory of 2692 2444 pjvdd.exe 39 PID 2444 wrote to memory of 2692 2444 pjvdd.exe 39 PID 2444 wrote to memory of 2692 2444 pjvdd.exe 39 PID 2444 wrote to memory of 2692 2444 pjvdd.exe 39 PID 2692 wrote to memory of 2084 2692 1djvd.exe 40 PID 2692 wrote to memory of 2084 2692 1djvd.exe 40 PID 2692 wrote to memory of 2084 2692 1djvd.exe 40 PID 2692 wrote to memory of 2084 2692 1djvd.exe 40 PID 2084 wrote to memory of 284 2084 ffxrxfr.exe 41 PID 2084 wrote to memory of 284 2084 ffxrxfr.exe 41 PID 2084 wrote to memory of 284 2084 ffxrxfr.exe 41 PID 2084 wrote to memory of 284 2084 ffxrxfr.exe 41 PID 284 wrote to memory of 2108 284 thtttb.exe 42 PID 284 wrote to memory of 2108 284 thtttb.exe 42 PID 284 wrote to memory of 2108 284 thtttb.exe 42 PID 284 wrote to memory of 2108 284 thtttb.exe 42 PID 2108 wrote to memory of 2232 2108 1dvpp.exe 43 PID 2108 wrote to memory of 2232 2108 1dvpp.exe 43 PID 2108 wrote to memory of 2232 2108 1dvpp.exe 43 PID 2108 wrote to memory of 2232 2108 1dvpp.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe "C:\Users\Admin\AppData\Local\Temp\54f43078ac9a4bcd240e21576a737316_JaffaCakes118.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1984 -
\??\c:\hbbtnb.exec:\hbbtnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\jdjpp.exec:\jdjpp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\rflrrxl.exec:\rflrrxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\htbttn.exec:\htbttn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2488 -
\??\c:\9jddj.exec:\9jddj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\xrxrxxr.exec:\xrxrxxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1652 -
\??\c:\htbnth.exec:\htbnth.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2356 -
\??\c:\7jpjj.exec:\7jpjj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\flxrrxf.exec:\flxrrxf.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2824 -
\??\c:\nhtbhh.exec:\nhtbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1280 -
\??\c:\pjvdd.exec:\pjvdd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2444 -
\??\c:\1djvd.exec:\1djvd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2692 -
\??\c:\ffxrxfr.exec:\ffxrxfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2084 -
\??\c:\thtttb.exec:\thtttb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:284 -
\??\c:\1dvpp.exec:\1dvpp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2108 -
\??\c:\pdjjp.exec:\pdjjp.exe17⤵
- Executes dropped EXE
PID:2232 -
\??\c:\xlxxffl.exec:\xlxxffl.exe18⤵
- Executes dropped EXE
PID:1700 -
\??\c:\thbtbt.exec:\thbtbt.exe19⤵
- Executes dropped EXE
PID:2020 -
\??\c:\9jddj.exec:\9jddj.exe20⤵
- Executes dropped EXE
PID:1976 -
\??\c:\dppjd.exec:\dppjd.exe21⤵
- Executes dropped EXE
PID:1636 -
\??\c:\lxflrll.exec:\lxflrll.exe22⤵
- Executes dropped EXE
PID:1892 -
\??\c:\tbhnhh.exec:\tbhnhh.exe23⤵
- Executes dropped EXE
PID:2332 -
\??\c:\vpdjj.exec:\vpdjj.exe24⤵
- Executes dropped EXE
PID:588 -
\??\c:\vjvdv.exec:\vjvdv.exe25⤵
- Executes dropped EXE
PID:1832 -
\??\c:\9lfrxxx.exec:\9lfrxxx.exe26⤵
- Executes dropped EXE
PID:1720 -
\??\c:\thnntt.exec:\thnntt.exe27⤵
- Executes dropped EXE
PID:1604 -
\??\c:\vjjdd.exec:\vjjdd.exe28⤵
- Executes dropped EXE
PID:1320 -
\??\c:\9lflllr.exec:\9lflllr.exe29⤵
- Executes dropped EXE
PID:304 -
\??\c:\btbhtn.exec:\btbhtn.exe30⤵
- Executes dropped EXE
PID:2064 -
\??\c:\pddvv.exec:\pddvv.exe31⤵
- Executes dropped EXE
PID:2776 -
\??\c:\jpvpd.exec:\jpvpd.exe32⤵
- Executes dropped EXE
PID:3020 -
\??\c:\fxflllx.exec:\fxflllx.exe33⤵
- Executes dropped EXE
PID:1916 -
\??\c:\tbttbb.exec:\tbttbb.exe34⤵
- Executes dropped EXE
PID:1424 -
\??\c:\pddvv.exec:\pddvv.exe35⤵
- Executes dropped EXE
PID:2208 -
\??\c:\dvddv.exec:\dvddv.exe36⤵
- Executes dropped EXE
PID:1524 -
\??\c:\7lrxxll.exec:\7lrxxll.exe37⤵
- Executes dropped EXE
PID:2448 -
\??\c:\xxrrflf.exec:\xxrrflf.exe38⤵
- Executes dropped EXE
PID:2644 -
\??\c:\bhtttn.exec:\bhtttn.exe39⤵
- Executes dropped EXE
PID:2628 -
\??\c:\vjjdd.exec:\vjjdd.exe40⤵
- Executes dropped EXE
PID:2740 -
\??\c:\jpvjd.exec:\jpvjd.exe41⤵
- Executes dropped EXE
PID:2516 -
\??\c:\1xlflff.exec:\1xlflff.exe42⤵
- Executes dropped EXE
PID:2488 -
\??\c:\5xlffrx.exec:\5xlffrx.exe43⤵
- Executes dropped EXE
PID:2052 -
\??\c:\jjvdd.exec:\jjvdd.exe44⤵
- Executes dropped EXE
PID:2352 -
\??\c:\dvjpp.exec:\dvjpp.exe45⤵
- Executes dropped EXE
PID:2416 -
\??\c:\xlrflrf.exec:\xlrflrf.exe46⤵
- Executes dropped EXE
PID:2812 -
\??\c:\xrlrlrf.exec:\xrlrlrf.exe47⤵
- Executes dropped EXE
PID:640 -
\??\c:\9thtnh.exec:\9thtnh.exe48⤵
- Executes dropped EXE
PID:1356 -
\??\c:\bnhbhb.exec:\bnhbhb.exe49⤵
- Executes dropped EXE
PID:2424 -
\??\c:\ddjvv.exec:\ddjvv.exe50⤵
- Executes dropped EXE
PID:2696 -
\??\c:\fxrxxfl.exec:\fxrxxfl.exe51⤵
- Executes dropped EXE
PID:328 -
\??\c:\lfrxffl.exec:\lfrxffl.exe52⤵
- Executes dropped EXE
PID:1436 -
\??\c:\nhnbhn.exec:\nhnbhn.exe53⤵
- Executes dropped EXE
PID:1212 -
\??\c:\3jdjj.exec:\3jdjj.exe54⤵
- Executes dropped EXE
PID:2132 -
\??\c:\1ddpv.exec:\1ddpv.exe55⤵
- Executes dropped EXE
PID:2100 -
\??\c:\1rfflrf.exec:\1rfflrf.exe56⤵
- Executes dropped EXE
PID:2120 -
\??\c:\fxrxflr.exec:\fxrxflr.exe57⤵
- Executes dropped EXE
PID:2232 -
\??\c:\ttbhnh.exec:\ttbhnh.exe58⤵
- Executes dropped EXE
PID:2720 -
\??\c:\jdvdp.exec:\jdvdp.exe59⤵
- Executes dropped EXE
PID:2036 -
\??\c:\fxxffll.exec:\fxxffll.exe60⤵
- Executes dropped EXE
PID:1688 -
\??\c:\ffrlxff.exec:\ffrlxff.exe61⤵
- Executes dropped EXE
PID:2200 -
\??\c:\thttbh.exec:\thttbh.exe62⤵
- Executes dropped EXE
PID:1896 -
\??\c:\jdpvj.exec:\jdpvj.exe63⤵
- Executes dropped EXE
PID:1364 -
\??\c:\pjdvv.exec:\pjdvv.exe64⤵
- Executes dropped EXE
PID:684 -
\??\c:\frllrxf.exec:\frllrxf.exe65⤵
- Executes dropped EXE
PID:648 -
\??\c:\rlrrrxx.exec:\rlrrrxx.exe66⤵PID:1180
-
\??\c:\bththh.exec:\bththh.exe67⤵PID:1780
-
\??\c:\nhnnhn.exec:\nhnnhn.exe68⤵PID:1248
-
\??\c:\pdpjp.exec:\pdpjp.exe69⤵PID:1132
-
\??\c:\9llrrrx.exec:\9llrrrx.exe70⤵PID:1604
-
\??\c:\rfrxllr.exec:\rfrxllr.exe71⤵PID:2180
-
\??\c:\bthhnn.exec:\bthhnn.exe72⤵PID:956
-
\??\c:\tnbbnn.exec:\tnbbnn.exe73⤵PID:1840
-
\??\c:\pjvjv.exec:\pjvjv.exe74⤵PID:2852
-
\??\c:\1xrrxxf.exec:\1xrrxxf.exe75⤵PID:2156
-
\??\c:\flfxffr.exec:\flfxffr.exe76⤵PID:2872
-
\??\c:\btbbnn.exec:\btbbnn.exe77⤵PID:896
-
\??\c:\bthhnt.exec:\bthhnt.exe78⤵PID:1428
-
\??\c:\pjdvd.exec:\pjdvd.exe79⤵PID:2216
-
\??\c:\xrxxlfl.exec:\xrxxlfl.exe80⤵PID:2836
-
\??\c:\1rxxflx.exec:\1rxxflx.exe81⤵PID:2552
-
\??\c:\bbhthh.exec:\bbhthh.exe82⤵PID:2604
-
\??\c:\3hbhhn.exec:\3hbhhn.exe83⤵PID:2616
-
\??\c:\pjpvv.exec:\pjpvv.exe84⤵PID:2484
-
\??\c:\9vjdj.exec:\9vjdj.exe85⤵PID:2560
-
\??\c:\lflfrlr.exec:\lflfrlr.exe86⤵PID:2524
-
\??\c:\bbnbhh.exec:\bbnbhh.exe87⤵PID:2408
-
\??\c:\bthbnn.exec:\bthbnn.exe88⤵PID:2368
-
\??\c:\5dpdd.exec:\5dpdd.exe89⤵PID:2372
-
\??\c:\rrxxxlx.exec:\rrxxxlx.exe90⤵PID:2416
-
\??\c:\xrflxxf.exec:\xrflxxf.exe91⤵PID:3036
-
\??\c:\bthhnt.exec:\bthhnt.exe92⤵PID:640
-
\??\c:\hnthtb.exec:\hnthtb.exe93⤵PID:2672
-
\??\c:\5vdvj.exec:\5vdvj.exe94⤵PID:800
-
\??\c:\frllrrx.exec:\frllrrx.exe95⤵PID:1124
-
\??\c:\lxlrrrx.exec:\lxlrrrx.exe96⤵PID:280
-
\??\c:\hhnbnt.exec:\hhnbnt.exe97⤵PID:1484
-
\??\c:\tnnnbh.exec:\tnnnbh.exe98⤵PID:1004
-
\??\c:\pjvjv.exec:\pjvjv.exe99⤵PID:2132
-
\??\c:\3vvdd.exec:\3vvdd.exe100⤵PID:2152
-
\??\c:\rxlxffl.exec:\rxlxffl.exe101⤵PID:2016
-
\??\c:\1bbbhb.exec:\1bbbhb.exe102⤵PID:2008
-
\??\c:\hbtthh.exec:\hbtthh.exe103⤵PID:868
-
\??\c:\3dppp.exec:\3dppp.exe104⤵PID:1976
-
\??\c:\jdvdd.exec:\jdvdd.exe105⤵PID:2000
-
\??\c:\rrrllrl.exec:\rrrllrl.exe106⤵PID:1944
-
\??\c:\5ffxlxx.exec:\5ffxlxx.exe107⤵PID:2336
-
\??\c:\9bnntn.exec:\9bnntn.exe108⤵PID:2332
-
\??\c:\1thntt.exec:\1thntt.exe109⤵PID:536
-
\??\c:\3jdjp.exec:\3jdjp.exe110⤵PID:592
-
\??\c:\pjpdd.exec:\pjpdd.exe111⤵PID:1832
-
\??\c:\9frrrrf.exec:\9frrrrf.exe112⤵PID:1128
-
\??\c:\nhntbb.exec:\nhntbb.exe113⤵PID:1460
-
\??\c:\tntbnt.exec:\tntbnt.exe114⤵PID:816
-
\??\c:\pjpvd.exec:\pjpvd.exe115⤵PID:1604
-
\??\c:\9vjjv.exec:\9vjjv.exe116⤵PID:880
-
\??\c:\3xlrrlr.exec:\3xlrrlr.exe117⤵PID:3068
-
\??\c:\tnbhhh.exec:\tnbhhh.exe118⤵PID:1948
-
\??\c:\nhttbt.exec:\nhttbt.exe119⤵PID:1664
-
\??\c:\dvpjj.exec:\dvpjj.exe120⤵PID:2308
-
\??\c:\rrllfxr.exec:\rrllfxr.exe121⤵PID:1468
-
\??\c:\lrfxxfl.exec:\lrfxxfl.exe122⤵PID:1904
-