Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
12-06-2024 06:14
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe
Resource
win7-20240611-en
windows7-x64
6 signatures
150 seconds
General
-
Target
eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe
-
Size
83KB
-
MD5
28bf184021871f69603c2203842cb27f
-
SHA1
74952714a78d9dedcf5038f9e6f6def10fb41d26
-
SHA256
eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30
-
SHA512
a4324340e349aea6a0c6764824b2de0d9691436cc1f483fbb93d44b0a31cb5534a16e1a1edcb7201070b295dad8f49367d320948e47ac95d9c4cb1c25d7c2fff
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDo73yqKH/KjvHo+WdNc:ymb3NkkiQ3mdBjFo73yX+vI+qW
Malware Config
Signatures
-
Detect Blackmoon payload 24 IoCs
UPX dump on OEP (original entry point) 26 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe"C:\Users\Admin\AppData\Local\Temp\eafd5d60ee3814d89231114c995ff23a6fbf254e9646dba612bd556842158f30.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\hbhhnh.exec:\hbhhnh.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2204 -
\??\c:\1djdd.exec:\1djdd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1328 -
\??\c:\jvvjd.exec:\jvvjd.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2644 -
\??\c:\xlrlxlr.exec:\xlrlxlr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2736 -
\??\c:\nbnnnt.exec:\nbnnnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2092 -
\??\c:\jvvpp.exec:\jvvpp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\ddpjj.exec:\ddpjj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1652 -
\??\c:\9lxlllf.exec:\9lxlllf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\bntthb.exec:\bntthb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\hthbhh.exec:\hthbhh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\vjpdj.exec:\vjpdj.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\rlrxffl.exec:\rlrxffl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\frxrrrr.exec:\frxrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\bnbhhh.exec:\bnbhhh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\3thbhh.exec:\3thbhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2820 -
\??\c:\vjvvv.exec:\vjvvv.exe17⤵
- Executes dropped EXE
PID:2112 -
\??\c:\vjvvv.exec:\vjvvv.exe18⤵
- Executes dropped EXE
PID:668 -
\??\c:\fffllll.exec:\fffllll.exe19⤵
- Executes dropped EXE
PID:1904 -
\??\c:\xxfxrrx.exec:\xxfxrrx.exe20⤵
- Executes dropped EXE
PID:2120 -
\??\c:\tthtbh.exec:\tthtbh.exe21⤵
- Executes dropped EXE
PID:2068 -
\??\c:\djppd.exec:\djppd.exe22⤵
- Executes dropped EXE
PID:2060 -
\??\c:\vpvvd.exec:\vpvvd.exe23⤵
- Executes dropped EXE
PID:2184 -
\??\c:\3rllrfr.exec:\3rllrfr.exe24⤵
- Executes dropped EXE
PID:2260 -
\??\c:\fxrlrrl.exec:\fxrlrrl.exe25⤵
- Executes dropped EXE
PID:1496 -
\??\c:\ttnnbh.exec:\ttnnbh.exe26⤵
- Executes dropped EXE
PID:352 -
\??\c:\1dvjp.exec:\1dvjp.exe27⤵
- Executes dropped EXE
PID:1560 -
\??\c:\vpjdj.exec:\vpjdj.exe28⤵
- Executes dropped EXE
PID:1832 -
\??\c:\9xxrxxf.exec:\9xxrxxf.exe29⤵
- Executes dropped EXE
PID:1044 -
\??\c:\9btbnn.exec:\9btbnn.exe30⤵
- Executes dropped EXE
PID:2512 -
\??\c:\jvddj.exec:\jvddj.exe31⤵
- Executes dropped EXE
PID:1908 -
\??\c:\jddvp.exec:\jddvp.exe32⤵
- Executes dropped EXE
PID:1168 -
\??\c:\3frlrlx.exec:\3frlrlx.exe33⤵
- Executes dropped EXE
PID:1700 -
\??\c:\bttnhb.exec:\bttnhb.exe34⤵
- Executes dropped EXE
PID:1768 -
\??\c:\7nbbbh.exec:\7nbbbh.exe35⤵
- Executes dropped EXE
PID:1816 -
\??\c:\dvdpp.exec:\dvdpp.exe36⤵
- Executes dropped EXE
PID:2376 -
\??\c:\jvdpv.exec:\jvdpv.exe37⤵
- Executes dropped EXE
PID:2680 -
\??\c:\rflxfrx.exec:\rflxfrx.exe38⤵
- Executes dropped EXE
PID:1732 -
\??\c:\tnbnhn.exec:\tnbnhn.exe39⤵
- Executes dropped EXE
PID:2768 -
\??\c:\1hntbh.exec:\1hntbh.exe40⤵
- Executes dropped EXE
PID:2772 -
\??\c:\vpvdj.exec:\vpvdj.exe41⤵
- Executes dropped EXE
PID:2792 -
\??\c:\jdjpp.exec:\jdjpp.exe42⤵
- Executes dropped EXE
PID:2760 -
\??\c:\rrfrrlr.exec:\rrfrrlr.exe43⤵
- Executes dropped EXE
PID:2584 -
\??\c:\rrxlrfl.exec:\rrxlrfl.exe44⤵
- Executes dropped EXE
PID:2564 -
\??\c:\tnbtbt.exec:\tnbtbt.exe45⤵
- Executes dropped EXE
PID:1652 -
\??\c:\1dvvd.exec:\1dvvd.exe46⤵
- Executes dropped EXE
PID:3060 -
\??\c:\ddddv.exec:\ddddv.exe47⤵
- Executes dropped EXE
PID:1532 -
\??\c:\rfxrrlr.exec:\rfxrrlr.exe48⤵
- Executes dropped EXE
PID:2408 -
\??\c:\7llxrxx.exec:\7llxrxx.exe49⤵
- Executes dropped EXE
PID:2880 -
\??\c:\thnntn.exec:\thnntn.exe50⤵
- Executes dropped EXE
PID:2276 -
\??\c:\nhtttt.exec:\nhtttt.exe51⤵
- Executes dropped EXE
PID:1684 -
\??\c:\9jpvd.exec:\9jpvd.exe52⤵
- Executes dropped EXE
PID:1836 -
\??\c:\9jvvp.exec:\9jvvp.exe53⤵
- Executes dropped EXE
PID:1076 -
\??\c:\5lrrlfr.exec:\5lrrlfr.exe54⤵
- Executes dropped EXE
PID:1612 -
\??\c:\fllxfxl.exec:\fllxfxl.exe55⤵
- Executes dropped EXE
PID:2868 -
\??\c:\nbhnhb.exec:\nbhnhb.exe56⤵
- Executes dropped EXE
PID:536 -
\??\c:\hntbbh.exec:\hntbbh.exe57⤵
- Executes dropped EXE
PID:484 -
\??\c:\7hnntt.exec:\7hnntt.exe58⤵
- Executes dropped EXE
PID:1680 -
\??\c:\7lxlrxf.exec:\7lxlrxf.exe59⤵
- Executes dropped EXE
PID:2124 -
\??\c:\7frrxrf.exec:\7frrxrf.exe60⤵
- Executes dropped EXE
PID:1736 -
\??\c:\btbnbh.exec:\btbnbh.exe61⤵
- Executes dropped EXE
PID:2520 -
\??\c:\nnnbnt.exec:\nnnbnt.exe62⤵
- Executes dropped EXE
PID:2300 -
\??\c:\jpjpj.exec:\jpjpj.exe63⤵
- Executes dropped EXE
PID:1108 -
\??\c:\pjvvv.exec:\pjvvv.exe64⤵
- Executes dropped EXE
PID:1164 -
\??\c:\3vjjv.exec:\3vjjv.exe65⤵
- Executes dropped EXE
PID:2372 -
\??\c:\flxfxlr.exec:\flxfxlr.exe66⤵PID:844
-
\??\c:\llrflxl.exec:\llrflxl.exe67⤵PID:2928
-
\??\c:\hbtbbb.exec:\hbtbbb.exe68⤵PID:964
-
\??\c:\tnnttn.exec:\tnnttn.exe69⤵PID:1832
-
\??\c:\pvpvj.exec:\pvpvj.exe70⤵PID:2328
-
\??\c:\dvpjv.exec:\dvpjv.exe71⤵PID:3028
-
\??\c:\pvjdj.exec:\pvjdj.exe72⤵PID:772
-
\??\c:\7lffrxl.exec:\7lffrxl.exe73⤵PID:1908
-
\??\c:\rfxlllx.exec:\rfxlllx.exe74⤵PID:2368
-
\??\c:\nnhbnt.exec:\nnhbnt.exe75⤵PID:1720
-
\??\c:\tttthh.exec:\tttthh.exe76⤵PID:1176
-
\??\c:\vpdvp.exec:\vpdvp.exe77⤵PID:1404
-
\??\c:\ppvdj.exec:\ppvdj.exe78⤵PID:2648
-
\??\c:\ddpdp.exec:\ddpdp.exe79⤵PID:1604
-
\??\c:\xrxfllf.exec:\xrxfllf.exe80⤵PID:2688
-
\??\c:\5ffrflr.exec:\5ffrflr.exe81⤵PID:2684
-
\??\c:\htnhbb.exec:\htnhbb.exe82⤵PID:2808
-
\??\c:\9bnnnn.exec:\9bnnnn.exe83⤵PID:2940
-
\??\c:\jjvdp.exec:\jjvdp.exe84⤵PID:2568
-
\??\c:\1jpvd.exec:\1jpvd.exe85⤵PID:2544
-
\??\c:\frlxfxx.exec:\frlxfxx.exe86⤵PID:2604
-
\??\c:\ffrxxxf.exec:\ffrxxxf.exe87⤵PID:2592
-
\??\c:\bthtnb.exec:\bthtnb.exe88⤵PID:2100
-
\??\c:\3nhhht.exec:\3nhhht.exe89⤵PID:2892
-
\??\c:\dddvd.exec:\dddvd.exe90⤵PID:2728
-
\??\c:\pdvpv.exec:\pdvpv.exe91⤵PID:3048
-
\??\c:\ppjpp.exec:\ppjpp.exe92⤵PID:2900
-
\??\c:\9xrrflx.exec:\9xrrflx.exe93⤵PID:2840
-
\??\c:\nbnbbn.exec:\nbnbbn.exe94⤵PID:560
-
\??\c:\hhbnnn.exec:\hhbnnn.exe95⤵PID:1772
-
\??\c:\vpjvv.exec:\vpjvv.exe96⤵PID:1132
-
\??\c:\pjdpd.exec:\pjdpd.exe97⤵PID:2856
-
\??\c:\dvdjd.exec:\dvdjd.exe98⤵PID:572
-
\??\c:\xrfxxxl.exec:\xrfxxxl.exe99⤵PID:940
-
\??\c:\xrrrllx.exec:\xrrrllx.exe100⤵PID:1576
-
\??\c:\1ntbnt.exec:\1ntbnt.exe101⤵PID:2004
-
\??\c:\nhbhnn.exec:\nhbhnn.exe102⤵PID:2072
-
\??\c:\1pdvj.exec:\1pdvj.exe103⤵PID:2064
-
\??\c:\vpvdp.exec:\vpvdp.exe104⤵PID:1384
-
\??\c:\9lxxflx.exec:\9lxxflx.exe105⤵PID:112
-
\??\c:\9rfxxfr.exec:\9rfxxfr.exe106⤵PID:1624
-
\??\c:\ttbhtt.exec:\ttbhtt.exe107⤵PID:1496
-
\??\c:\5bhthh.exec:\5bhthh.exe108⤵PID:1708
-
\??\c:\bthhtt.exec:\bthhtt.exe109⤵PID:1552
-
\??\c:\jpjdv.exec:\jpjdv.exe110⤵PID:2232
-
\??\c:\pjpjv.exec:\pjpjv.exe111⤵PID:960
-
\??\c:\xrlxlxl.exec:\xrlxlxl.exe112⤵PID:1712
-
\??\c:\xxrxxxf.exec:\xxrxxxf.exe113⤵PID:2512
-
\??\c:\hthttn.exec:\hthttn.exe114⤵PID:400
-
\??\c:\1thntb.exec:\1thntb.exe115⤵PID:860
-
\??\c:\pjppv.exec:\pjppv.exe116⤵PID:2436
-
\??\c:\jdppv.exec:\jdppv.exe117⤵PID:2008
-
\??\c:\flfllrl.exec:\flfllrl.exe118⤵PID:1364
-
\??\c:\llfrxlr.exec:\llfrxlr.exe119⤵PID:2440
-
\??\c:\hbbntt.exec:\hbbntt.exe120⤵PID:2356
-
\??\c:\bnbhnn.exec:\bnbhnn.exe121⤵PID:1900
-
\??\c:\5pjvv.exec:\5pjvv.exe122⤵PID:1732