Analysis
- max time kernel: 150s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20240508-en
- resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
- submitted: 21-06-2024 04:48
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
e676e393876e15951962248430ea1cdc5092bc9cbe2a1d1e188fb150bde0a665.exe
Resource
win7-20240508-en
6 signatures
150 seconds
General
- Target: e676e393876e15951962248430ea1cdc5092bc9cbe2a1d1e188fb150bde0a665.exe
- Size: 267KB
- MD5: 6af7547be49d20a40ddc0333be383ce6
- SHA1: 5a5ef6233eab0fc6238932e709bd2d3e817ff609
- SHA256: e676e393876e15951962248430ea1cdc5092bc9cbe2a1d1e188fb150bde0a665
- SHA512: 6c135b6439be834aa636ea5a5e1a7b13dbc821e45934b91151c4fa705913a1f3843833d91d02718f1d4af81a21033cde43ae4e7fc52e4c9cad0fd1acbea3ea7a
- SSDEEP: 3072:ymb3NkkiQ3mdBjFIi/0RU6QeYQsm71vPmPzTkV2y/QTa9RBZydZbf83pnzgmmIMY:n3C9BRIG0asYFm71mPfkVB8dKwaWo
Malware Config
Signatures
-
Detect Blackmoon payload 22 IoCs
UPX dump on OEP (original entry point) 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\e676e393876e15951962248430ea1cdc5092bc9cbe2a1d1e188fb150bde0a665.exe"C:\Users\Admin\AppData\Local\Temp\e676e393876e15951962248430ea1cdc5092bc9cbe2a1d1e188fb150bde0a665.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2976 -
\??\c:\vvjpj.exec:\vvjpj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2848 -
\??\c:\9nbhnh.exec:\9nbhnh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3044 -
\??\c:\hhbbbt.exec:\hhbbbt.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2724 -
\??\c:\5frffrr.exec:\5frffrr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2464 -
\??\c:\llxfllx.exec:\llxfllx.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2712 -
\??\c:\jdvpd.exec:\jdvpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\frflxxf.exec:\frflxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2468 -
\??\c:\nhhntt.exec:\nhhntt.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\5djvd.exec:\5djvd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1484 -
\??\c:\xrrrxxl.exec:\xrrrxxl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2524 -
\??\c:\fflxlrf.exec:\fflxlrf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\3jdjv.exec:\3jdjv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1580 -
\??\c:\9lffffr.exec:\9lffffr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:316 -
\??\c:\5hhntn.exec:\5hhntn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:276 -
\??\c:\pdpjp.exec:\pdpjp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2176 -
\??\c:\rfrfllx.exec:\rfrfllx.exe17⤵
- Executes dropped EXE
PID:2344 -
\??\c:\1bttbt.exec:\1bttbt.exe18⤵
- Executes dropped EXE
PID:780 -
\??\c:\5dvjp.exec:\5dvjp.exe19⤵
- Executes dropped EXE
PID:2020 -
\??\c:\xlrxlfl.exec:\xlrxlfl.exe20⤵
- Executes dropped EXE
PID:2812 -
\??\c:\btnnnt.exec:\btnnnt.exe21⤵
- Executes dropped EXE
PID:2060 -
\??\c:\vpjvj.exec:\vpjvj.exe22⤵
- Executes dropped EXE
PID:2200 -
\??\c:\7lfxffl.exec:\7lfxffl.exe23⤵
- Executes dropped EXE
PID:1692 -
\??\c:\5nnbbn.exec:\5nnbbn.exe24⤵
- Executes dropped EXE
PID:1844 -
\??\c:\vpddd.exec:\vpddd.exe25⤵
- Executes dropped EXE
PID:2892 -
\??\c:\rfrxxxf.exec:\rfrxxxf.exe26⤵
- Executes dropped EXE
PID:1460 -
\??\c:\9hntbb.exec:\9hntbb.exe27⤵
- Executes dropped EXE
PID:1520 -
\??\c:\djjdp.exec:\djjdp.exe28⤵
- Executes dropped EXE
PID:1660 -
\??\c:\fllfflf.exec:\fllfflf.exe29⤵
- Executes dropped EXE
PID:2296 -
\??\c:\htnthb.exec:\htnthb.exe30⤵
- Executes dropped EXE
PID:2428 -
\??\c:\3vppj.exec:\3vppj.exe31⤵
- Executes dropped EXE
PID:564 -
\??\c:\xlrrrll.exec:\xlrrrll.exe32⤵
- Executes dropped EXE
PID:1888 -
\??\c:\3btbnn.exec:\3btbnn.exe33⤵
- Executes dropped EXE
PID:2368 -
\??\c:\jdvvd.exec:\jdvvd.exe34⤵
- Executes dropped EXE
PID:1848 -
\??\c:\rxflllx.exec:\rxflllx.exe35⤵
- Executes dropped EXE
PID:2848 -
\??\c:\btnbtb.exec:\btnbtb.exe36⤵
- Executes dropped EXE
PID:2564 -
\??\c:\tthtnh.exec:\tthtnh.exe37⤵
- Executes dropped EXE
PID:2936 -
\??\c:\ppjdd.exec:\ppjdd.exe38⤵
- Executes dropped EXE
PID:1920 -
\??\c:\jvddp.exec:\jvddp.exe39⤵
- Executes dropped EXE
PID:2304 -
\??\c:\rlxrxxf.exec:\rlxrxxf.exe40⤵
- Executes dropped EXE
PID:2580 -
\??\c:\tnhthh.exec:\tnhthh.exe41⤵
- Executes dropped EXE
PID:2740 -
\??\c:\nhhhnh.exec:\nhhhnh.exe42⤵
- Executes dropped EXE
PID:2504 -
\??\c:\pdpdj.exec:\pdpdj.exe43⤵
- Executes dropped EXE
PID:2452 -
\??\c:\5rffrlr.exec:\5rffrlr.exe44⤵
- Executes dropped EXE
PID:2528 -
\??\c:\xlfrxfl.exec:\xlfrxfl.exe45⤵
- Executes dropped EXE
PID:2944 -
\??\c:\1nntnb.exec:\1nntnb.exe46⤵
- Executes dropped EXE
PID:1232 -
\??\c:\nhbntt.exec:\nhbntt.exe47⤵
- Executes dropped EXE
PID:2544 -
\??\c:\dvdvp.exec:\dvdvp.exe48⤵
- Executes dropped EXE
PID:2772 -
\??\c:\lxrrffl.exec:\lxrrffl.exe49⤵
- Executes dropped EXE
PID:1544 -
\??\c:\9rlrrff.exec:\9rlrrff.exe50⤵
- Executes dropped EXE
PID:772 -
\??\c:\hthntb.exec:\hthntb.exe51⤵
- Executes dropped EXE
PID:1664 -
\??\c:\bnbhhh.exec:\bnbhhh.exe52⤵
- Executes dropped EXE
PID:1516 -
\??\c:\3vjdj.exec:\3vjdj.exe53⤵
- Executes dropped EXE
PID:2160 -
\??\c:\ddpdp.exec:\ddpdp.exe54⤵
- Executes dropped EXE
PID:1328 -
\??\c:\xrlxffl.exec:\xrlxffl.exe55⤵
- Executes dropped EXE
PID:692 -
\??\c:\lfrfrrr.exec:\lfrfrrr.exe56⤵
- Executes dropped EXE
PID:604 -
\??\c:\nhhntb.exec:\nhhntb.exe57⤵
- Executes dropped EXE
PID:1860 -
\??\c:\hbnhnt.exec:\hbnhnt.exe58⤵
- Executes dropped EXE
PID:2020 -
\??\c:\pjppv.exec:\pjppv.exe59⤵
- Executes dropped EXE
PID:2836 -
\??\c:\lfflrxx.exec:\lfflrxx.exe60⤵
- Executes dropped EXE
PID:2260 -
\??\c:\xrflfxl.exec:\xrflfxl.exe61⤵
- Executes dropped EXE
PID:1928 -
\??\c:\nhttbb.exec:\nhttbb.exe62⤵
- Executes dropped EXE
PID:2644 -
\??\c:\hbbhhb.exec:\hbbhhb.exe63⤵
- Executes dropped EXE
PID:2416 -
\??\c:\vpvdj.exec:\vpvdj.exe64⤵
- Executes dropped EXE
PID:2412 -
\??\c:\3jdjv.exec:\3jdjv.exe65⤵
- Executes dropped EXE
PID:884 -
\??\c:\1lxxxrf.exec:\1lxxxrf.exe66⤵PID:1228
-
\??\c:\frxxrlx.exec:\frxxrlx.exe67⤵PID:1268
-
\??\c:\7bnttn.exec:\7bnttn.exe68⤵PID:1620
-
\??\c:\7dpjp.exec:\7dpjp.exe69⤵PID:908
-
\??\c:\vpvdv.exec:\vpvdv.exe70⤵PID:1984
-
\??\c:\llxfrrf.exec:\llxfrrf.exe71⤵PID:1576
-
\??\c:\lfflfxr.exec:\lfflfxr.exe72⤵PID:616
-
\??\c:\bbbhbh.exec:\bbbhbh.exe73⤵PID:2084
-
\??\c:\hhbnth.exec:\hhbnth.exe74⤵PID:1712
-
\??\c:\ddjjp.exec:\ddjjp.exe75⤵PID:2976
-
\??\c:\3dddp.exec:\3dddp.exe76⤵PID:2984
-
\??\c:\xxlrlxx.exec:\xxlrlxx.exe77⤵PID:2560
-
\??\c:\fxrrxxl.exec:\fxrrxxl.exe78⤵PID:1200
-
\??\c:\hhhtnb.exec:\hhhtnb.exe79⤵PID:1616
-
\??\c:\3pjpd.exec:\3pjpd.exe80⤵PID:2584
-
\??\c:\vpdjp.exec:\vpdjp.exe81⤵PID:2744
-
\??\c:\flfrxfl.exec:\flfrxfl.exe82⤵PID:2484
-
\??\c:\7nnnbh.exec:\7nnnbh.exe83⤵PID:2592
-
\??\c:\nhtbht.exec:\nhtbht.exe84⤵PID:2620
-
\??\c:\dvdjd.exec:\dvdjd.exe85⤵PID:2520
-
\??\c:\ddpdp.exec:\ddpdp.exe86⤵PID:2340
-
\??\c:\lxffxrx.exec:\lxffxrx.exe87⤵PID:112
-
\??\c:\tthhhh.exec:\tthhhh.exe88⤵PID:376
-
\??\c:\btnthh.exec:\btnthh.exe89⤵PID:2696
-
\??\c:\9jdjv.exec:\9jdjv.exe90⤵PID:2764
-
\??\c:\xrfxflx.exec:\xrfxflx.exe91⤵PID:2796
-
\??\c:\7rlrxxx.exec:\7rlrxxx.exe92⤵PID:1640
-
\??\c:\1bnntb.exec:\1bnntb.exe93⤵PID:920
-
\??\c:\tnbntt.exec:\tnbntt.exe94⤵PID:996
-
\??\c:\7vjpv.exec:\7vjpv.exe95⤵PID:2188
-
\??\c:\pjvvd.exec:\pjvvd.exe96⤵PID:2164
-
\??\c:\7rrlrrx.exec:\7rrlrrx.exe97⤵PID:668
-
\??\c:\9thhnn.exec:\9thhnn.exe98⤵PID:2044
-
\??\c:\btbhtn.exec:\btbhtn.exe99⤵PID:2012
-
\??\c:\jvdjv.exec:\jvdjv.exe100⤵PID:2008
-
\??\c:\vpddj.exec:\vpddj.exe101⤵PID:2940
-
\??\c:\xrfflll.exec:\xrfflll.exe102⤵PID:2844
-
\??\c:\3thnbb.exec:\3thnbb.exe103⤵PID:2432
-
\??\c:\7bttbb.exec:\7bttbb.exe104⤵PID:2284
-
\??\c:\vvjpd.exec:\vvjpd.exe105⤵PID:1532
-
\??\c:\3lxxfxf.exec:\3lxxfxf.exe106⤵PID:2092
-
\??\c:\rlxxrrx.exec:\rlxxrrx.exe107⤵PID:1680
-
\??\c:\nbhhbh.exec:\nbhhbh.exe108⤵PID:952
-
\??\c:\tthntn.exec:\tthntn.exe109⤵PID:764
-
\??\c:\pvjvj.exec:\pvjvj.exe110⤵PID:864
-
\??\c:\7xffllx.exec:\7xffllx.exe111⤵PID:2320
-
\??\c:\xlxxffr.exec:\xlxxffr.exe112⤵PID:1852
-
\??\c:\bbttbh.exec:\bbttbh.exe113⤵PID:1140
-
\??\c:\5bbhnn.exec:\5bbhnn.exe114⤵PID:2016
-
\??\c:\9vvvp.exec:\9vvvp.exe115⤵PID:2244
-
\??\c:\1jjjp.exec:\1jjjp.exe116⤵PID:2132
-
\??\c:\3frffll.exec:\3frffll.exe117⤵PID:2752
-
\??\c:\lrfflxr.exec:\lrfflxr.exe118⤵PID:1976
-
\??\c:\bthttb.exec:\bthttb.exe119⤵PID:2608
-
\??\c:\tnbntt.exec:\tnbntt.exe120⤵PID:2548
-
\??\c:\dvppp.exec:\dvppp.exe121⤵PID:2604
-
\??\c:\jdvvd.exec:\jdvvd.exe122⤵PID:1920