Analysis
-
max time kernel
120s -
max time network
121s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240704-en locale:en-us os:windows10-2004-x64 system -
submitted
21/07/2024, 23:54
Behavioral task
behavioral1
Sample
2dd57210a04bf4fd2a9f266b8e771310N.exe
Resource
win7-20240708-en
5 signatures
120 seconds
General
-
Target
2dd57210a04bf4fd2a9f266b8e771310N.exe
-
Size
138KB
-
MD5
2dd57210a04bf4fd2a9f266b8e771310
-
SHA1
477db9374b1f9c1ebc905907a9123a499fb578a1
-
SHA256
6572e2eac63d7b435fe6d53b4def56b15ddb3f0fe5f946b42f6798a122f687ff
-
SHA512
f2b22612e1899c8612f3e417fec17b457db8f7f6a8b23ed3f3659d2a6cdc7e983ba870ab68233d71797b1700b7764f949cb61c14d8ed757b7caf4ff948bcdb47
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JBuItR8pz7sH:9cm4FmowdHoS4Bftapz7u
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3640-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4684-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2860-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1436-20-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3608-30-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3364-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4044-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3428-48-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2708-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/244-56-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/732-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5004-73-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1604-76-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1100-86-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4812-91-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/740-97-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3000-104-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2220-107-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4528-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3032-128-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2200-143-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4952-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3400-157-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3400-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4092-166-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3696-176-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1048-182-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4892-202-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4744-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1192-210-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4396-211-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2044-215-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2044-218-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2436-219-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4460-227-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1508-234-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1184-242-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1732-254-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/224-256-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3832-261-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3128-278-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/928-288-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/1280-300-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3684-325-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1908-327-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2520-334-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1512-341-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4952-348-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2720-349-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4568-353-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/936-379-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/640-391-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/964-403-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2060-425-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2140-438-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1536-466-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4672-500-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/948-512-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3120-632-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1032-684-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4648-718-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2432-746-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2312-913-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/5020-1030-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4684 7bhhhn.exe 2860 lfxfxlx.exe 1436 hnnhbb.exe 3608 rlxfxxr.exe 3364 thbtnh.exe 4044 dddvj.exe 3428 rxllxff.exe 2708 hntnhh.exe 244 rxlllxx.exe 732 hnbnnb.exe 5004 dpddd.exe 1604 nbthhb.exe 1100 vpvvp.exe 4812 ffrrrlr.exe 740 bhbbbb.exe 3000 lxfrrxr.exe 2220 htttnt.exe 4528 dvvjp.exe 2248 jdvpp.exe 3032 ffllrrl.exe 3416 jdvdp.exe 2312 bbnbbh.exe 2200 xxlflrl.exe 4952 bbtnnh.exe 880 fxfxrlf.exe 3400 fxrflrf.exe 4092 thtttn.exe 4488 ddjjd.exe 3696 5fffxfx.exe 1048 fxxxxxx.exe 4020 1hhnnn.exe 2716 ddddv.exe 116 xrxrrrr.exe 4892 1hnnnn.exe 4744 vvjdd.exe 1192 xrlllrx.exe 4396 3rllrxr.exe 2044 5bbbnt.exe 2436 pjvdj.exe 4460 lfrrxxr.exe 4516 tbhtbb.exe 1508 jjppd.exe 4252 5rxrlll.exe 2756 btbhhh.exe 1184 jjvvv.exe 4156 vpppj.exe 1224 llxlfxr.exe 1732 bbnthn.exe 224 vvdpv.exe 3832 frrxrxx.exe 1600 tttbnn.exe 4616 jjvjd.exe 1388 xxxxfxr.exe 4860 tbthbh.exe 3128 1jddd.exe 1120 lflrxrf.exe 3148 3hnhbt.exe 928 jjvvd.exe 4292 xlxfrrl.exe 4004 bttnhh.exe 1280 dvvdj.exe 3484 lrfxfll.exe 4668 pvjjp.exe 968 xflflrf.exe -
resource yara_rule behavioral2/memory/3640-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000600000002325a-3.dat upx behavioral2/memory/3640-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002346a-9.dat upx behavioral2/memory/4684-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002346b-13.dat upx behavioral2/memory/2860-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1436-20-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002346c-23.dat upx behavioral2/memory/3364-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3608-30-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002346d-29.dat upx behavioral2/files/0x000700000002346e-34.dat upx behavioral2/memory/3364-36-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002346f-40.dat upx behavioral2/memory/4044-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023470-46.dat upx behavioral2/memory/3428-48-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023471-52.dat upx behavioral2/memory/2708-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/244-56-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023472-59.dat upx behavioral2/files/0x0007000000023473-64.dat upx behavioral2/memory/5004-68-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/732-66-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023474-71.dat upx behavioral2/memory/5004-73-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1604-76-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023475-78.dat upx behavioral2/files/0x0007000000023476-83.dat upx 
behavioral2/memory/1100-86-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4812-87-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4812-91-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023477-90.dat upx behavioral2/files/0x0007000000023478-94.dat upx behavioral2/memory/3000-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/740-97-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3000-104-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023479-102.dat upx behavioral2/memory/2220-107-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023467-109.dat upx behavioral2/memory/4528-112-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002347a-115.dat upx behavioral2/memory/4528-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002347b-122.dat upx behavioral2/files/0x000700000002347c-126.dat upx behavioral2/memory/3032-128-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002347d-133.dat upx behavioral2/files/0x000700000002347e-137.dat upx behavioral2/files/0x000700000002347f-144.dat upx behavioral2/memory/2200-143-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023480-148.dat upx behavioral2/memory/4952-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023481-155.dat upx behavioral2/memory/3400-157-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023482-160.dat upx behavioral2/files/0x0007000000023483-168.dat upx behavioral2/memory/3400-164-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4092-166-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023484-172.dat upx 
behavioral2/memory/3696-176-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023485-179.dat upx behavioral2/memory/1048-182-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023486-184.dat upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3640 wrote to memory of 4684 3640 2dd57210a04bf4fd2a9f266b8e771310N.exe 83 PID 3640 wrote to memory of 4684 3640 2dd57210a04bf4fd2a9f266b8e771310N.exe 83 PID 3640 wrote to memory of 4684 3640 2dd57210a04bf4fd2a9f266b8e771310N.exe 83 PID 4684 wrote to memory of 2860 4684 7bhhhn.exe 84 PID 4684 wrote to memory of 2860 4684 7bhhhn.exe 84 PID 4684 wrote to memory of 2860 4684 7bhhhn.exe 84 PID 2860 wrote to memory of 1436 2860 lfxfxlx.exe 85 PID 2860 wrote to memory of 1436 2860 lfxfxlx.exe 85 PID 2860 wrote to memory of 1436 2860 lfxfxlx.exe 85 PID 1436 wrote to memory of 3608 1436 hnnhbb.exe 86 PID 1436 wrote to memory of 3608 1436 hnnhbb.exe 86 PID 1436 wrote to memory of 3608 1436 hnnhbb.exe 86 PID 3608 wrote to memory of 3364 3608 rlxfxxr.exe 87 PID 3608 wrote to memory of 3364 3608 rlxfxxr.exe 87 PID 3608 wrote to memory of 3364 3608 rlxfxxr.exe 87 PID 3364 wrote to memory of 4044 3364 thbtnh.exe 88 PID 3364 wrote to memory of 4044 3364 thbtnh.exe 88 PID 3364 wrote to memory of 4044 3364 thbtnh.exe 88 PID 4044 wrote to memory of 3428 4044 dddvj.exe 89 PID 4044 wrote to memory of 3428 4044 dddvj.exe 89 PID 4044 wrote to memory of 3428 4044 dddvj.exe 89 PID 3428 wrote to memory of 2708 3428 rxllxff.exe 90 PID 3428 wrote to memory of 2708 3428 rxllxff.exe 90 PID 3428 wrote to memory of 2708 3428 rxllxff.exe 90 PID 2708 wrote to memory of 244 2708 hntnhh.exe 91 PID 2708 wrote to memory of 244 2708 hntnhh.exe 91 PID 2708 wrote to memory of 244 2708 hntnhh.exe 91 PID 244 wrote to memory of 732 244 rxlllxx.exe 92 PID 244 wrote to memory of 732 244 rxlllxx.exe 92 PID 244 wrote to memory of 732 244 rxlllxx.exe 92 PID 732 wrote to memory of 5004 732 hnbnnb.exe 93 PID 732 wrote to memory of 5004 732 hnbnnb.exe 93 PID 732 wrote to memory of 5004 732 hnbnnb.exe 93 PID 5004 wrote to memory of 1604 5004 dpddd.exe 95 PID 5004 wrote to memory of 1604 5004 dpddd.exe 95 PID 5004 wrote to memory of 1604 5004 dpddd.exe 95 PID 1604 wrote to 
memory of 1100 1604 nbthhb.exe 96 PID 1604 wrote to memory of 1100 1604 nbthhb.exe 96 PID 1604 wrote to memory of 1100 1604 nbthhb.exe 96 PID 1100 wrote to memory of 4812 1100 vpvvp.exe 97 PID 1100 wrote to memory of 4812 1100 vpvvp.exe 97 PID 1100 wrote to memory of 4812 1100 vpvvp.exe 97 PID 4812 wrote to memory of 740 4812 ffrrrlr.exe 98 PID 4812 wrote to memory of 740 4812 ffrrrlr.exe 98 PID 4812 wrote to memory of 740 4812 ffrrrlr.exe 98 PID 740 wrote to memory of 3000 740 bhbbbb.exe 99 PID 740 wrote to memory of 3000 740 bhbbbb.exe 99 PID 740 wrote to memory of 3000 740 bhbbbb.exe 99 PID 3000 wrote to memory of 2220 3000 lxfrrxr.exe 101 PID 3000 wrote to memory of 2220 3000 lxfrrxr.exe 101 PID 3000 wrote to memory of 2220 3000 lxfrrxr.exe 101 PID 2220 wrote to memory of 4528 2220 htttnt.exe 102 PID 2220 wrote to memory of 4528 2220 htttnt.exe 102 PID 2220 wrote to memory of 4528 2220 htttnt.exe 102 PID 4528 wrote to memory of 2248 4528 dvvjp.exe 103 PID 4528 wrote to memory of 2248 4528 dvvjp.exe 103 PID 4528 wrote to memory of 2248 4528 dvvjp.exe 103 PID 2248 wrote to memory of 3032 2248 jdvpp.exe 104 PID 2248 wrote to memory of 3032 2248 jdvpp.exe 104 PID 2248 wrote to memory of 3032 2248 jdvpp.exe 104 PID 3032 wrote to memory of 3416 3032 ffllrrl.exe 105 PID 3032 wrote to memory of 3416 3032 ffllrrl.exe 105 PID 3032 wrote to memory of 3416 3032 ffllrrl.exe 105 PID 3416 wrote to memory of 2312 3416 jdvdp.exe 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\2dd57210a04bf4fd2a9f266b8e771310N.exe"C:\Users\Admin\AppData\Local\Temp\2dd57210a04bf4fd2a9f266b8e771310N.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3640 -
\??\c:\7bhhhn.exec:\7bhhhn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4684 -
\??\c:\lfxfxlx.exec:\lfxfxlx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2860 -
\??\c:\hnnhbb.exec:\hnnhbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\rlxfxxr.exec:\rlxfxxr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3608 -
\??\c:\thbtnh.exec:\thbtnh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3364 -
\??\c:\dddvj.exec:\dddvj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4044 -
\??\c:\rxllxff.exec:\rxllxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3428 -
\??\c:\hntnhh.exec:\hntnhh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\rxlllxx.exec:\rxlllxx.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:244 -
\??\c:\hnbnnb.exec:\hnbnnb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:732 -
\??\c:\dpddd.exec:\dpddd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5004 -
\??\c:\nbthhb.exec:\nbthhb.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\vpvvp.exec:\vpvvp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1100 -
\??\c:\ffrrrlr.exec:\ffrrrlr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4812 -
\??\c:\bhbbbb.exec:\bhbbbb.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:740 -
\??\c:\lxfrrxr.exec:\lxfrrxr.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3000 -
\??\c:\htttnt.exec:\htttnt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\dvvjp.exec:\dvvjp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4528 -
\??\c:\jdvpp.exec:\jdvpp.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2248 -
\??\c:\ffllrrl.exec:\ffllrrl.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\jdvdp.exec:\jdvdp.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3416 -
\??\c:\bbnbbh.exec:\bbnbbh.exe23⤵
- Executes dropped EXE
PID:2312 -
\??\c:\xxlflrl.exec:\xxlflrl.exe24⤵
- Executes dropped EXE
PID:2200 -
\??\c:\bbtnnh.exec:\bbtnnh.exe25⤵
- Executes dropped EXE
PID:4952 -
\??\c:\fxfxrlf.exec:\fxfxrlf.exe26⤵
- Executes dropped EXE
PID:880 -
\??\c:\fxrflrf.exec:\fxrflrf.exe27⤵
- Executes dropped EXE
PID:3400 -
\??\c:\thtttn.exec:\thtttn.exe28⤵
- Executes dropped EXE
PID:4092 -
\??\c:\ddjjd.exec:\ddjjd.exe29⤵
- Executes dropped EXE
PID:4488 -
\??\c:\5fffxfx.exec:\5fffxfx.exe30⤵
- Executes dropped EXE
PID:3696 -
\??\c:\fxxxxxx.exec:\fxxxxxx.exe31⤵
- Executes dropped EXE
PID:1048 -
\??\c:\1hhnnn.exec:\1hhnnn.exe32⤵
- Executes dropped EXE
PID:4020 -
\??\c:\ddddv.exec:\ddddv.exe33⤵
- Executes dropped EXE
PID:2716 -
\??\c:\xrxrrrr.exec:\xrxrrrr.exe34⤵
- Executes dropped EXE
PID:116 -
\??\c:\1hnnnn.exec:\1hnnnn.exe35⤵
- Executes dropped EXE
PID:4892 -
\??\c:\vvjdd.exec:\vvjdd.exe36⤵
- Executes dropped EXE
PID:4744 -
\??\c:\xrlllrx.exec:\xrlllrx.exe37⤵
- Executes dropped EXE
PID:1192 -
\??\c:\3rllrxr.exec:\3rllrxr.exe38⤵
- Executes dropped EXE
PID:4396 -
\??\c:\5bbbnt.exec:\5bbbnt.exe39⤵
- Executes dropped EXE
PID:2044 -
\??\c:\pjvdj.exec:\pjvdj.exe40⤵
- Executes dropped EXE
PID:2436 -
\??\c:\lfrrxxr.exec:\lfrrxxr.exe41⤵
- Executes dropped EXE
PID:4460 -
\??\c:\tbhtbb.exec:\tbhtbb.exe42⤵
- Executes dropped EXE
PID:4516 -
\??\c:\jjppd.exec:\jjppd.exe43⤵
- Executes dropped EXE
PID:1508 -
\??\c:\5rxrlll.exec:\5rxrlll.exe44⤵
- Executes dropped EXE
PID:4252 -
\??\c:\btbhhh.exec:\btbhhh.exe45⤵
- Executes dropped EXE
PID:2756 -
\??\c:\jjvvv.exec:\jjvvv.exe46⤵
- Executes dropped EXE
PID:1184 -
\??\c:\vpppj.exec:\vpppj.exe47⤵
- Executes dropped EXE
PID:4156 -
\??\c:\llxlfxr.exec:\llxlfxr.exe48⤵
- Executes dropped EXE
PID:1224 -
\??\c:\bbnthn.exec:\bbnthn.exe49⤵
- Executes dropped EXE
PID:1732 -
\??\c:\vvdpv.exec:\vvdpv.exe50⤵
- Executes dropped EXE
PID:224 -
\??\c:\frrxrxx.exec:\frrxrxx.exe51⤵
- Executes dropped EXE
PID:3832 -
\??\c:\tttbnn.exec:\tttbnn.exe52⤵
- Executes dropped EXE
PID:1600 -
\??\c:\jjvjd.exec:\jjvjd.exe53⤵
- Executes dropped EXE
PID:4616 -
\??\c:\xxxxfxr.exec:\xxxxfxr.exe54⤵
- Executes dropped EXE
PID:1388 -
\??\c:\tbthbh.exec:\tbthbh.exe55⤵
- Executes dropped EXE
PID:4860 -
\??\c:\1jddd.exec:\1jddd.exe56⤵
- Executes dropped EXE
PID:3128 -
\??\c:\lflrxrf.exec:\lflrxrf.exe57⤵
- Executes dropped EXE
PID:1120 -
\??\c:\3hnhbt.exec:\3hnhbt.exe58⤵
- Executes dropped EXE
PID:3148 -
\??\c:\jjvvd.exec:\jjvvd.exe59⤵
- Executes dropped EXE
PID:928 -
\??\c:\xlxfrrl.exec:\xlxfrrl.exe60⤵
- Executes dropped EXE
PID:4292 -
\??\c:\bttnhh.exec:\bttnhh.exe61⤵
- Executes dropped EXE
PID:4004 -
\??\c:\dvvdj.exec:\dvvdj.exe62⤵
- Executes dropped EXE
PID:1280 -
\??\c:\lrfxfll.exec:\lrfxfll.exe63⤵
- Executes dropped EXE
PID:3484 -
\??\c:\pvjjp.exec:\pvjjp.exe64⤵
- Executes dropped EXE
PID:4668 -
\??\c:\xflflrf.exec:\xflflrf.exe65⤵
- Executes dropped EXE
PID:968 -
\??\c:\bhnthh.exec:\bhnthh.exe66⤵PID:2220
-
\??\c:\fffllll.exec:\fffllll.exe67⤵PID:3960
-
\??\c:\pjppd.exec:\pjppd.exe68⤵PID:2136
-
\??\c:\xlllfxr.exec:\xlllfxr.exe69⤵PID:5084
-
\??\c:\bhtbbb.exec:\bhtbbb.exe70⤵PID:3684
-
\??\c:\ppppv.exec:\ppppv.exe71⤵PID:1908
-
\??\c:\vjvjv.exec:\vjvjv.exe72⤵PID:2520
-
\??\c:\bbhbht.exec:\bbhbht.exe73⤵PID:2128
-
\??\c:\bnthhh.exec:\bnthhh.exe74⤵PID:1512
-
\??\c:\lflflrf.exec:\lflflrf.exe75⤵PID:1852
-
\??\c:\nhhhht.exec:\nhhhht.exe76⤵PID:4952
-
\??\c:\dpddj.exec:\dpddj.exe77⤵PID:2720
-
\??\c:\pjjpd.exec:\pjjpd.exe78⤵PID:4568
-
\??\c:\xxflllx.exec:\xxflllx.exe79⤵PID:2160
-
\??\c:\tnhtnh.exec:\tnhtnh.exe80⤵PID:3492
-
\??\c:\dvvpj.exec:\dvvpj.exe81⤵PID:4984
-
\??\c:\fflllll.exec:\fflllll.exe82⤵PID:432
-
\??\c:\lfflllr.exec:\lfflllr.exe83⤵PID:1048
-
\??\c:\thnnnt.exec:\thnnnt.exe84⤵PID:4908
-
\??\c:\7bhnht.exec:\7bhnht.exe85⤵PID:2464
-
\??\c:\vddvj.exec:\vddvj.exe86⤵PID:936
-
\??\c:\lflffff.exec:\lflffff.exe87⤵PID:4900
-
\??\c:\7nbhnh.exec:\7nbhnh.exe88⤵PID:4840
-
\??\c:\jvvpp.exec:\jvvpp.exe89⤵PID:640
-
\??\c:\xrxxfrr.exec:\xrxxfrr.exe90⤵PID:4956
-
\??\c:\hbtbtb.exec:\hbtbtb.exe91⤵PID:4068
-
\??\c:\jvdvp.exec:\jvdvp.exe92⤵PID:964
-
\??\c:\vppjj.exec:\vppjj.exe93⤵PID:3928
-
\??\c:\frxxlrf.exec:\frxxlrf.exe94⤵PID:3932
-
\??\c:\nthnth.exec:\nthnth.exe95⤵PID:4204
-
\??\c:\xrffrxf.exec:\xrffrxf.exe96⤵PID:4252
-
\??\c:\nnbbbb.exec:\nnbbbb.exe97⤵PID:2756
-
\??\c:\djdpv.exec:\djdpv.exe98⤵PID:1576
-
\??\c:\llfxxll.exec:\llfxxll.exe99⤵PID:2060
-
\??\c:\fflfxlr.exec:\fflfxlr.exe100⤵PID:3036
-
\??\c:\3nnbnh.exec:\3nnbnh.exe101⤵PID:1732
-
\??\c:\1dvvd.exec:\1dvvd.exe102⤵PID:1932
-
\??\c:\fxfxfrx.exec:\fxfxfrx.exe103⤵PID:2140
-
\??\c:\bttnht.exec:\bttnht.exe104⤵PID:4352
-
\??\c:\jdjdd.exec:\jdjdd.exe105⤵PID:4504
-
\??\c:\xrrlllx.exec:\xrrlllx.exe106⤵PID:1388
-
\??\c:\tnthtn.exec:\tnthtn.exe107⤵PID:2204
-
\??\c:\jdjjv.exec:\jdjjv.exe108⤵PID:2360
-
\??\c:\rlllflx.exec:\rlllflx.exe109⤵PID:1120
-
\??\c:\hhhbtt.exec:\hhhbtt.exe110⤵PID:4796
-
\??\c:\jpdpv.exec:\jpdpv.exe111⤵PID:4520
-
\??\c:\rxxrflf.exec:\rxxrflf.exe112⤵PID:1536
-
\??\c:\5hhhhh.exec:\5hhhhh.exe113⤵PID:4812
-
\??\c:\vpdpj.exec:\vpdpj.exe114⤵PID:916
-
\??\c:\flrlxfx.exec:\flrlxfx.exe115⤵PID:3000
-
\??\c:\nhttnt.exec:\nhttnt.exe116⤵PID:1944
-
\??\c:\pvddp.exec:\pvddp.exe117⤵PID:2220
-
\??\c:\xxfxrfr.exec:\xxfxrfr.exe118⤵PID:3960
-
\??\c:\9bbbnn.exec:\9bbbnn.exe119⤵PID:3120
-
\??\c:\nntnbh.exec:\nntnbh.exe120⤵PID:4084
-
\??\c:\dvpjv.exec:\dvpjv.exe121⤵PID:5016
-
\??\c:\1rffrlr.exec:\1rffrlr.exe122⤵PID:4780
-