Analysis
-
max time kernel
120s -
max time network
19s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
09-11-2024 22:27
Static task
static1
Behavioral task
behavioral1
Sample
7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe
Resource
win7-20241010-en
General
-
Target
7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe
-
Size
455KB
-
MD5
d18c5c8b78b1edebea3c2e1fe088f120
-
SHA1
9722b5b502c1edb37c48b744d13fb3c42a6d7d18
-
SHA256
7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3e
-
SHA512
695502bdf6960e0634b27a0f27f125cd6230a4e33565299505de950544dece1b53afc1442924daaf7f646d2d4561e9880774b1741ccde9f6e0492e5cfe16d468
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbeRk:q7Tc2NYHUrAwfMp3CDRk
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 45 IoCs
Processes:
resource yara_rule behavioral1/memory/2496-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2384-17-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2244-26-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2268-37-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2268-35-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2956-46-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/472-56-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2960-65-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2580-74-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2964-78-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1384-94-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2096-103-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2148-126-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2964-115-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/3068-113-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2148-129-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2132-142-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2560-153-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1320-172-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1184-181-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2456-190-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/2484-199-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2392-208-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2392-209-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1576-235-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1340-245-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/936-263-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1576-265-0x00000000003A0000-0x00000000003CA000-memory.dmp family_blackmoon behavioral1/memory/2432-270-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2656-310-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2836-335-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2872-364-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2780-379-0x0000000000230000-0x000000000025A000-memory.dmp family_blackmoon behavioral1/memory/2780-378-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2232-412-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1900-452-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1760-465-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2448-466-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2672-473-0x00000000003A0000-0x00000000003CA000-memory.dmp family_blackmoon behavioral1/memory/2068-480-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2388-488-0x0000000000230000-0x000000000025A000-memory.dmp family_blackmoon behavioral1/memory/2388-487-0x0000000000230000-0x000000000025A000-memory.dmp family_blackmoon 
behavioral1/memory/2672-496-0x00000000003A0000-0x00000000003CA000-memory.dmp family_blackmoon behavioral1/memory/2828-611-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1316-756-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
lrlrtd.exebjbfd.exerdvtrj.exepvbbt.exeppvnbpt.exeptfbx.exehjpxrdb.exelrxhvf.exebpnbhp.exeffdbfrl.exexnjhf.exeprvjrjt.exervrhnhb.exehhbdhv.exephxxnl.exetnfbxdv.exepjrjh.exejhfhnhf.exeprpln.exelfjbx.exepphvbt.exebxprf.exevxffvlt.exebhbhn.exefdxtn.exerrxtf.exeblfdtxh.exedxtfvnb.exefrtpl.exetvdnlx.exehhjhj.exejjlbdd.exenjfhptv.exefvxtj.exeppttn.exetptnlvd.exerbvdpp.exenfhdr.exenhphvbv.exerrpjxf.exeplnxvv.exenrtxpd.exeppvhvjv.exehtvfjj.exedhpvvh.exepvxvfhn.exeftbdtfb.exexflxxj.exebxfxd.exehhljt.exejdnvtb.exepbbdll.exedltlx.exenphhjpx.exethlpfxn.exexpnvh.exexxrtv.exexfflf.exetxbnpxn.exenpbhpx.exefxfhtlr.exelldnfx.exerhthpx.exeppnpptb.exepid process 2384 lrlrtd.exe 2244 bjbfd.exe 2268 rdvtrj.exe 2956 pvbbt.exe 472 ppvnbpt.exe 2960 ptfbx.exe 2580 hjpxrdb.exe 2964 lrxhvf.exe 1384 bpnbhp.exe 2096 ffdbfrl.exe 3068 xnjhf.exe 2924 prvjrjt.exe 2148 rvrhnhb.exe 2132 hhbdhv.exe 2560 phxxnl.exe 2044 tnfbxdv.exe 1320 pjrjh.exe 1184 jhfhnhf.exe 2456 prpln.exe 2484 lfjbx.exe 2392 pphvbt.exe 1544 bxprf.exe 1104 vxffvlt.exe 1576 bhbhn.exe 1340 fdxtn.exe 1408 rrxtf.exe 936 blfdtxh.exe 2432 dxtfvnb.exe 1724 frtpl.exe 2240 tvdnlx.exe 2260 hhjhj.exe 2656 jjlbdd.exe 2496 njfhptv.exe 1720 fvxtj.exe 2932 ppttn.exe 2836 tptnlvd.exe 2872 rbvdpp.exe 2204 nfhdr.exe 2896 nhphvbv.exe 2848 rrpjxf.exe 3024 plnxvv.exe 2780 nrtxpd.exe 2580 ppvhvjv.exe 112 htvfjj.exe 2644 dhpvvh.exe 1020 pvxvfhn.exe 3044 ftbdtfb.exe 2232 xflxxj.exe 3064 bxfxd.exe 1924 hhljt.exe 2596 jdnvtb.exe 2448 pbbdll.exe 2036 dltlx.exe 1900 nphhjpx.exe 1760 thlpfxn.exe 2672 xpnvh.exe 2068 xxrtv.exe 2388 xfflf.exe 2456 txbnpxn.exe 964 npbhpx.exe 712 fxfhtlr.exe 2708 lldnfx.exe 1008 rhthpx.exe 1104 ppnpptb.exe -
Processes (memory dumps matching the upx YARA rule):
resource yara_rule behavioral1/memory/2496-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2384-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2244-26-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2956-38-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2268-37-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2956-46-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2960-57-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/472-56-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2960-65-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2580-74-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2964-78-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1384-94-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2096-103-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2148-126-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2924-117-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3068-113-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2132-142-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2044-154-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2560-153-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1320-172-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1184-181-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2456-190-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2484-199-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2392-209-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/1576-227-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1576-235-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1340-245-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/936-263-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2432-266-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2240-286-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2656-310-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2836-335-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2896-349-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3024-365-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2780-379-0x0000000000230000-0x000000000025A000-memory.dmp upx behavioral1/memory/2780-378-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2232-412-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1900-452-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1760-465-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2068-480-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2456-489-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1288-586-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2928-650-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/892-730-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1316-756-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/320-783-0x0000000000400000-0x000000000042A000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
hnbjjdj.exenhphflr.exenbfrdhr.exejxxvbn.exevrxtxn.exehfvbx.exepdtjlrb.exenrvlp.exetpdphdx.exextxlppp.exetblddtv.exexhvvdtb.exefnnnj.exelhvhp.exerbblhdv.exexdpjr.exerppxdd.exebrjlxbb.exejthbl.exehlhvlv.exedpvtnt.exexjlnrr.exevpvrbx.exefnlbr.exexlrnh.exevrrdd.exenrldj.exevhdbt.exefxdfp.exextlphv.exepnntx.exevfnvnhd.exeblhxxnh.exelfpjp.exexpnvh.exedfdtlf.exenxbdttn.exexlndp.exenlnljnp.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hnbjjdj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nhphflr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nbfrdhr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jxxvbn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vrxtxn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hfvbx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pdtjlrb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nrvlp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tpdphdx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xtxlppp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tblddtv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xhvvdtb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fnnnj.exe Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lhvhp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rbblhdv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xdpjr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rppxdd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language brjlxbb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jthbl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hlhvlv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dpvtnt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xjlnrr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vpvrbx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fnlbr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xlrnh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vrrdd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nrldj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vhdbt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fxdfp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xtlphv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pnntx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vfnvnhd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language blhxxnh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lfpjp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xpnvh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dfdtlf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nxbdttn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xlndp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nlnljnp.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exelrlrtd.exebjbfd.exerdvtrj.exepvbbt.exeppvnbpt.exeptfbx.exehjpxrdb.exelrxhvf.exebpnbhp.exeffdbfrl.exexnjhf.exeprvjrjt.exervrhnhb.exehhbdhv.exephxxnl.exedescription pid process target process PID 2496 wrote to memory of 2384 2496 7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe lrlrtd.exe PID 2496 wrote to memory of 2384 2496 7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe lrlrtd.exe PID 2496 wrote to memory of 2384 2496 7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe lrlrtd.exe PID 2496 wrote to memory of 2384 2496 7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe lrlrtd.exe PID 2384 wrote to memory of 2244 2384 lrlrtd.exe bjbfd.exe PID 2384 wrote to memory of 2244 2384 lrlrtd.exe bjbfd.exe PID 2384 wrote to memory of 2244 2384 lrlrtd.exe bjbfd.exe PID 2384 wrote to memory of 2244 2384 lrlrtd.exe bjbfd.exe PID 2244 wrote to memory of 2268 2244 bjbfd.exe rdvtrj.exe PID 2244 wrote to memory of 2268 2244 bjbfd.exe rdvtrj.exe PID 2244 wrote to memory of 2268 2244 bjbfd.exe rdvtrj.exe PID 2244 wrote to memory of 2268 2244 bjbfd.exe rdvtrj.exe PID 2268 wrote to memory of 2956 2268 rdvtrj.exe pvbbt.exe PID 2268 wrote to memory of 2956 2268 rdvtrj.exe pvbbt.exe PID 2268 wrote to memory of 2956 2268 rdvtrj.exe pvbbt.exe PID 2268 wrote to memory of 2956 2268 rdvtrj.exe pvbbt.exe PID 2956 wrote to memory of 472 2956 pvbbt.exe ppvnbpt.exe PID 2956 wrote to memory of 472 2956 pvbbt.exe ppvnbpt.exe PID 2956 wrote to memory of 472 2956 pvbbt.exe ppvnbpt.exe PID 2956 wrote to memory of 472 2956 pvbbt.exe ppvnbpt.exe PID 472 wrote to memory of 2960 472 ppvnbpt.exe ptfbx.exe PID 472 wrote to memory of 2960 472 ppvnbpt.exe ptfbx.exe PID 472 wrote to memory of 2960 472 ppvnbpt.exe ptfbx.exe PID 472 wrote to memory of 2960 472 ppvnbpt.exe ptfbx.exe PID 2960 wrote to memory of 2580 2960 ptfbx.exe hjpxrdb.exe PID 2960 wrote to memory of 
2580 2960 ptfbx.exe hjpxrdb.exe PID 2960 wrote to memory of 2580 2960 ptfbx.exe hjpxrdb.exe PID 2960 wrote to memory of 2580 2960 ptfbx.exe hjpxrdb.exe PID 2580 wrote to memory of 2964 2580 hjpxrdb.exe lrxhvf.exe PID 2580 wrote to memory of 2964 2580 hjpxrdb.exe lrxhvf.exe PID 2580 wrote to memory of 2964 2580 hjpxrdb.exe lrxhvf.exe PID 2580 wrote to memory of 2964 2580 hjpxrdb.exe lrxhvf.exe PID 2964 wrote to memory of 1384 2964 lrxhvf.exe bpnbhp.exe PID 2964 wrote to memory of 1384 2964 lrxhvf.exe bpnbhp.exe PID 2964 wrote to memory of 1384 2964 lrxhvf.exe bpnbhp.exe PID 2964 wrote to memory of 1384 2964 lrxhvf.exe bpnbhp.exe PID 1384 wrote to memory of 2096 1384 bpnbhp.exe ffdbfrl.exe PID 1384 wrote to memory of 2096 1384 bpnbhp.exe ffdbfrl.exe PID 1384 wrote to memory of 2096 1384 bpnbhp.exe ffdbfrl.exe PID 1384 wrote to memory of 2096 1384 bpnbhp.exe ffdbfrl.exe PID 2096 wrote to memory of 3068 2096 ffdbfrl.exe xnjhf.exe PID 2096 wrote to memory of 3068 2096 ffdbfrl.exe xnjhf.exe PID 2096 wrote to memory of 3068 2096 ffdbfrl.exe xnjhf.exe PID 2096 wrote to memory of 3068 2096 ffdbfrl.exe xnjhf.exe PID 3068 wrote to memory of 2924 3068 xnjhf.exe prvjrjt.exe PID 3068 wrote to memory of 2924 3068 xnjhf.exe prvjrjt.exe PID 3068 wrote to memory of 2924 3068 xnjhf.exe prvjrjt.exe PID 3068 wrote to memory of 2924 3068 xnjhf.exe prvjrjt.exe PID 2924 wrote to memory of 2148 2924 prvjrjt.exe rvrhnhb.exe PID 2924 wrote to memory of 2148 2924 prvjrjt.exe rvrhnhb.exe PID 2924 wrote to memory of 2148 2924 prvjrjt.exe rvrhnhb.exe PID 2924 wrote to memory of 2148 2924 prvjrjt.exe rvrhnhb.exe PID 2148 wrote to memory of 2132 2148 rvrhnhb.exe hhbdhv.exe PID 2148 wrote to memory of 2132 2148 rvrhnhb.exe hhbdhv.exe PID 2148 wrote to memory of 2132 2148 rvrhnhb.exe hhbdhv.exe PID 2148 wrote to memory of 2132 2148 rvrhnhb.exe hhbdhv.exe PID 2132 wrote to memory of 2560 2132 hhbdhv.exe phxxnl.exe PID 2132 wrote to memory of 2560 2132 hhbdhv.exe phxxnl.exe PID 2132 wrote to memory of 
2560 2132 hhbdhv.exe phxxnl.exe PID 2132 wrote to memory of 2560 2132 hhbdhv.exe phxxnl.exe PID 2560 wrote to memory of 2044 2560 phxxnl.exe tnfbxdv.exe PID 2560 wrote to memory of 2044 2560 phxxnl.exe tnfbxdv.exe PID 2560 wrote to memory of 2044 2560 phxxnl.exe tnfbxdv.exe PID 2560 wrote to memory of 2044 2560 phxxnl.exe tnfbxdv.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe"C:\Users\Admin\AppData\Local\Temp\7f4514c892f09cd840e920b941dd00e728d5883a3f13f678b4f4ab8d6f91be3eN.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2496 -
\??\c:\lrlrtd.exec:\lrlrtd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\bjbfd.exec:\bjbfd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\rdvtrj.exec:\rdvtrj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2268 -
\??\c:\pvbbt.exec:\pvbbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2956 -
\??\c:\ppvnbpt.exec:\ppvnbpt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:472 -
\??\c:\ptfbx.exec:\ptfbx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\hjpxrdb.exec:\hjpxrdb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
\??\c:\lrxhvf.exec:\lrxhvf.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2964 -
\??\c:\bpnbhp.exec:\bpnbhp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1384 -
\??\c:\ffdbfrl.exec:\ffdbfrl.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2096 -
\??\c:\xnjhf.exec:\xnjhf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3068 -
\??\c:\prvjrjt.exec:\prvjrjt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2924 -
\??\c:\rvrhnhb.exec:\rvrhnhb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\hhbdhv.exec:\hhbdhv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2132 -
\??\c:\phxxnl.exec:\phxxnl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2560 -
\??\c:\tnfbxdv.exec:\tnfbxdv.exe17⤵
- Executes dropped EXE
PID:2044 -
\??\c:\pjrjh.exec:\pjrjh.exe18⤵
- Executes dropped EXE
PID:1320 -
\??\c:\jhfhnhf.exec:\jhfhnhf.exe19⤵
- Executes dropped EXE
PID:1184 -
\??\c:\prpln.exec:\prpln.exe20⤵
- Executes dropped EXE
PID:2456 -
\??\c:\lfjbx.exec:\lfjbx.exe21⤵
- Executes dropped EXE
PID:2484 -
\??\c:\pphvbt.exec:\pphvbt.exe22⤵
- Executes dropped EXE
PID:2392 -
\??\c:\bxprf.exec:\bxprf.exe23⤵
- Executes dropped EXE
PID:1544 -
\??\c:\vxffvlt.exec:\vxffvlt.exe24⤵
- Executes dropped EXE
PID:1104 -
\??\c:\bhbhn.exec:\bhbhn.exe25⤵
- Executes dropped EXE
PID:1576 -
\??\c:\fdxtn.exec:\fdxtn.exe26⤵
- Executes dropped EXE
PID:1340 -
\??\c:\rrxtf.exec:\rrxtf.exe27⤵
- Executes dropped EXE
PID:1408 -
\??\c:\blfdtxh.exec:\blfdtxh.exe28⤵
- Executes dropped EXE
PID:936 -
\??\c:\dxtfvnb.exec:\dxtfvnb.exe29⤵
- Executes dropped EXE
PID:2432 -
\??\c:\frtpl.exec:\frtpl.exe30⤵
- Executes dropped EXE
PID:1724 -
\??\c:\tvdnlx.exec:\tvdnlx.exe31⤵
- Executes dropped EXE
PID:2240 -
\??\c:\hhjhj.exec:\hhjhj.exe32⤵
- Executes dropped EXE
PID:2260 -
\??\c:\jjlbdd.exec:\jjlbdd.exe33⤵
- Executes dropped EXE
PID:2656 -
\??\c:\njfhptv.exec:\njfhptv.exe34⤵
- Executes dropped EXE
PID:2496 -
\??\c:\fvxtj.exec:\fvxtj.exe35⤵
- Executes dropped EXE
PID:1720 -
\??\c:\ppttn.exec:\ppttn.exe36⤵
- Executes dropped EXE
PID:2932 -
\??\c:\tptnlvd.exec:\tptnlvd.exe37⤵
- Executes dropped EXE
PID:2836 -
\??\c:\rbvdpp.exec:\rbvdpp.exe38⤵
- Executes dropped EXE
PID:2872 -
\??\c:\nfhdr.exec:\nfhdr.exe39⤵
- Executes dropped EXE
PID:2204 -
\??\c:\nhphvbv.exec:\nhphvbv.exe40⤵
- Executes dropped EXE
PID:2896 -
\??\c:\rrpjxf.exec:\rrpjxf.exe41⤵
- Executes dropped EXE
PID:2848 -
\??\c:\plnxvv.exec:\plnxvv.exe42⤵
- Executes dropped EXE
PID:3024 -
\??\c:\nrtxpd.exec:\nrtxpd.exe43⤵
- Executes dropped EXE
PID:2780 -
\??\c:\ppvhvjv.exec:\ppvhvjv.exe44⤵
- Executes dropped EXE
PID:2580 -
\??\c:\htvfjj.exec:\htvfjj.exe45⤵
- Executes dropped EXE
PID:112 -
\??\c:\dhpvvh.exec:\dhpvvh.exe46⤵
- Executes dropped EXE
PID:2644 -
\??\c:\pvxvfhn.exec:\pvxvfhn.exe47⤵
- Executes dropped EXE
PID:1020 -
\??\c:\ftbdtfb.exec:\ftbdtfb.exe48⤵
- Executes dropped EXE
PID:3044 -
\??\c:\xflxxj.exec:\xflxxj.exe49⤵
- Executes dropped EXE
PID:2232 -
\??\c:\bxfxd.exec:\bxfxd.exe50⤵
- Executes dropped EXE
PID:3064 -
\??\c:\hhljt.exec:\hhljt.exe51⤵
- Executes dropped EXE
PID:1924 -
\??\c:\jdnvtb.exec:\jdnvtb.exe52⤵
- Executes dropped EXE
PID:2596 -
\??\c:\pbbdll.exec:\pbbdll.exe53⤵
- Executes dropped EXE
PID:2448 -
\??\c:\dltlx.exec:\dltlx.exe54⤵
- Executes dropped EXE
PID:2036 -
\??\c:\nphhjpx.exec:\nphhjpx.exe55⤵
- Executes dropped EXE
PID:1900 -
\??\c:\thlpfxn.exec:\thlpfxn.exe56⤵
- Executes dropped EXE
PID:1760 -
\??\c:\xpnvh.exec:\xpnvh.exe57⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2672 -
\??\c:\xxrtv.exec:\xxrtv.exe58⤵
- Executes dropped EXE
PID:2068 -
\??\c:\xfflf.exec:\xfflf.exe59⤵
- Executes dropped EXE
PID:2388 -
\??\c:\txbnpxn.exec:\txbnpxn.exe60⤵
- Executes dropped EXE
PID:2456 -
\??\c:\npbhpx.exec:\npbhpx.exe61⤵
- Executes dropped EXE
PID:964 -
\??\c:\fxfhtlr.exec:\fxfhtlr.exe62⤵
- Executes dropped EXE
PID:712 -
\??\c:\lldnfx.exec:\lldnfx.exe63⤵
- Executes dropped EXE
PID:2708 -
\??\c:\rhthpx.exec:\rhthpx.exe64⤵
- Executes dropped EXE
PID:1008 -
\??\c:\ppnpptb.exec:\ppnpptb.exe65⤵
- Executes dropped EXE
PID:1104 -
\??\c:\vrxhv.exec:\vrxhv.exe66⤵PID:1328
-
\??\c:\ldrhhr.exec:\ldrhhr.exe67⤵PID:1820
-
\??\c:\jbjvxjp.exec:\jbjvxjp.exe68⤵PID:1700
-
\??\c:\xvnrb.exec:\xvnrb.exe69⤵PID:108
-
\??\c:\dtrplrn.exec:\dtrplrn.exe70⤵PID:776
-
\??\c:\rrffxt.exec:\rrffxt.exe71⤵PID:2432
-
\??\c:\xvhpj.exec:\xvhpj.exe72⤵PID:1220
-
\??\c:\rjfhphl.exec:\rjfhphl.exe73⤵PID:2276
-
\??\c:\dtnnjj.exec:\dtnnjj.exe74⤵PID:2680
-
\??\c:\rfldxph.exec:\rfldxph.exe75⤵PID:1288
-
\??\c:\rxbxjx.exec:\rxbxjx.exe76⤵PID:1156
-
\??\c:\rlnjr.exec:\rlnjr.exe77⤵PID:1824
-
\??\c:\pxddbpr.exec:\pxddbpr.exe78⤵PID:2828
-
\??\c:\jtnvp.exec:\jtnvp.exe79⤵PID:2824
-
\??\c:\dvnldr.exec:\dvnldr.exe80⤵PID:2236
-
\??\c:\tptftdr.exec:\tptftdr.exe81⤵PID:2948
-
\??\c:\xbvlbp.exec:\xbvlbp.exe82⤵PID:2940
-
\??\c:\vlfpj.exec:\vlfpj.exe83⤵PID:3016
-
\??\c:\bnhxl.exec:\bnhxl.exe84⤵PID:2896
-
\??\c:\ndxbd.exec:\ndxbd.exe85⤵PID:2928
-
\??\c:\njthtv.exec:\njthtv.exe86⤵PID:3052
-
\??\c:\nnxvt.exec:\nnxvt.exe87⤵PID:2808
-
\??\c:\fjhpxb.exec:\fjhpxb.exe88⤵PID:2408
-
\??\c:\dhxhp.exec:\dhxhp.exe89⤵PID:2012
-
\??\c:\hpplxvt.exec:\hpplxvt.exe90⤵PID:960
-
\??\c:\tjrhl.exec:\tjrhl.exe91⤵PID:2096
-
\??\c:\phnlhtr.exec:\phnlhtr.exe92⤵PID:3044
-
\??\c:\xnpdtxj.exec:\xnpdtxj.exe93⤵PID:2832
-
\??\c:\nxxvvd.exec:\nxxvvd.exe94⤵PID:2164
-
\??\c:\phprtp.exec:\phprtp.exe95⤵PID:592
-
\??\c:\tbhjfd.exec:\tbhjfd.exe96⤵PID:2548
-
\??\c:\tpfxrjr.exec:\tpfxrjr.exe97⤵PID:892
-
\??\c:\xlrnh.exec:\xlrnh.exe98⤵
- System Location Discovery: System Language Discovery
PID:1656 -
\??\c:\rnlpd.exec:\rnlpd.exe99⤵PID:1692
-
\??\c:\btttr.exec:\btttr.exe100⤵PID:2424
-
\??\c:\hhflvlx.exec:\hhflvlx.exe101⤵PID:1316
-
\??\c:\dflhx.exec:\dflhx.exe102⤵PID:1184
-
\??\c:\dtfrf.exec:\dtfrf.exe103⤵PID:2700
-
\??\c:\tblddtv.exec:\tblddtv.exe104⤵
- System Location Discovery: System Language Discovery
PID:2176 -
\??\c:\hjdbjnl.exec:\hjdbjnl.exe105⤵PID:320
-
\??\c:\dfrvpj.exec:\dfrvpj.exe106⤵PID:852
-
\??\c:\rltxbdn.exec:\rltxbdn.exe107⤵PID:1544
-
\??\c:\hfhpp.exec:\hfhpp.exe108⤵PID:2544
-
\??\c:\rvbnnhl.exec:\rvbnnhl.exe109⤵PID:1008
-
\??\c:\vhdbt.exec:\vhdbt.exe110⤵
- System Location Discovery: System Language Discovery
PID:2480 -
\??\c:\djftddl.exec:\djftddl.exe111⤵PID:2304
-
\??\c:\phrfp.exec:\phrfp.exe112⤵PID:644
-
\??\c:\vxplth.exec:\vxplth.exe113⤵PID:1684
-
\??\c:\nxrtb.exec:\nxrtb.exe114⤵PID:1176
-
\??\c:\nbvpf.exec:\nbvpf.exe115⤵PID:2144
-
\??\c:\hpljhrr.exec:\hpljhrr.exe116⤵PID:2076
-
\??\c:\xfnlj.exec:\xfnlj.exe117⤵PID:880
-
\??\c:\nfftrxn.exec:\nfftrxn.exe118⤵PID:1520
-
\??\c:\ldhvxv.exec:\ldhvxv.exe119⤵PID:1696
-
\??\c:\ljnhx.exec:\ljnhx.exe120⤵PID:2116
-
\??\c:\tpdphdx.exec:\tpdphdx.exe121⤵
- System Location Discovery: System Language Discovery
PID:1492 -
\??\c:\tlfhr.exec:\tlfhr.exe122⤵PID:1716
-
\??\c:\xfpvjxd.exec:\xfpvjxd.exe123⤵PID:1632
-
\??\c:\hxhbd.exec:\hxhbd.exe124⤵PID:2936
-
\??\c:\tnvlf.exec:\tnvlf.exe125⤵PID:2872
-
\??\c:\djttfnp.exec:\djttfnp.exe126⤵PID:2268
-
\??\c:\fvrdnf.exec:\fvrdnf.exe127⤵PID:2900
-
\??\c:\tdrlj.exec:\tdrlj.exe128⤵PID:2904
-
\??\c:\pptpnd.exec:\pptpnd.exe129⤵PID:2224
-
\??\c:\jnfdvj.exec:\jnfdvj.exe130⤵PID:2908
-
\??\c:\xtlphv.exec:\xtlphv.exe131⤵
- System Location Discovery: System Language Discovery
PID:2804 -
\??\c:\hphbf.exec:\hphbf.exe132⤵PID:2284
-
\??\c:\xdddlb.exec:\xdddlb.exe133⤵PID:940
-
\??\c:\bxbhx.exec:\bxbhx.exe134⤵PID:2192
-
\??\c:\pxrpb.exec:\pxrpb.exe135⤵PID:1020
-
\??\c:\bvvntj.exec:\bvvntj.exe136⤵PID:2988
-
\??\c:\jvxbfhd.exec:\jvxbfhd.exe137⤵PID:3044
-
\??\c:\vvbnl.exec:\vvbnl.exe138⤵PID:2832
-
\??\c:\frttxv.exec:\frttxv.exe139⤵PID:1180
-
\??\c:\bhntf.exec:\bhntf.exe140⤵PID:2596
-
\??\c:\jxxvbn.exec:\jxxvbn.exe141⤵
- System Location Discovery: System Language Discovery
PID:2428 -
\??\c:\bftlp.exec:\bftlp.exe142⤵PID:2312
-
\??\c:\nxpfr.exec:\nxpfr.exe143⤵PID:1280
-
\??\c:\fxxbtf.exec:\fxxbtf.exe144⤵PID:984
-
\??\c:\bxtxbhv.exec:\bxtxbhv.exe145⤵PID:560
-
\??\c:\xtpjhl.exec:\xtpjhl.exe146⤵PID:2464
-
\??\c:\ljjfl.exec:\ljjfl.exe147⤵PID:2272
-
\??\c:\hhvnbxb.exec:\hhvnbxb.exe148⤵PID:2700
-
\??\c:\jvxjldv.exec:\jvxjldv.exe149⤵PID:2456
-
\??\c:\blvth.exec:\blvth.exe150⤵PID:2696
-
\??\c:\jrhnld.exec:\jrhnld.exe151⤵PID:712
-
\??\c:\pttjdv.exec:\pttjdv.exe152⤵PID:2376
-
\??\c:\lhxlppj.exec:\lhxlppj.exe153⤵PID:2612
-
\??\c:\ptxbx.exec:\ptxbx.exe154⤵PID:1104
-
\??\c:\ftnpfjd.exec:\ftnpfjd.exe155⤵PID:1540
-
\??\c:\hdrhjj.exec:\hdrhjj.exe156⤵PID:1820
-
\??\c:\bfrxpj.exec:\bfrxpj.exe157⤵PID:832
-
\??\c:\vbnbl.exec:\vbnbl.exe158⤵PID:108
-
\??\c:\vxlpvb.exec:\vxlpvb.exe159⤵PID:840
-
\??\c:\pplpv.exec:\pplpv.exe160⤵PID:1356
-
\??\c:\fjtrjbr.exec:\fjtrjbr.exe161⤵PID:2800
-
\??\c:\vrrlpf.exec:\vrrlpf.exe162⤵PID:2180
-
\??\c:\ptdxnd.exec:\ptdxnd.exe163⤵PID:2260
-
\??\c:\bdbxpxn.exec:\bdbxpxn.exe164⤵PID:2108
-
\??\c:\pxlnvn.exec:\pxlnvn.exe165⤵PID:1156
-
\??\c:\lxjjpln.exec:\lxjjpln.exe166⤵PID:1736
-
\??\c:\vhbxtx.exec:\vhbxtx.exe167⤵PID:2824
-
\??\c:\pnhnbbd.exec:\pnhnbbd.exe168⤵PID:2244
-
\??\c:\tdnfj.exec:\tdnfj.exe169⤵PID:2992
-
\??\c:\dnpbn.exec:\dnpbn.exe170⤵PID:3008
-
\??\c:\pvtrfp.exec:\pvtrfp.exe171⤵PID:2412
-
\??\c:\plvrnph.exec:\plvrnph.exe172⤵PID:2896
-
\??\c:\vrjrn.exec:\vrjrn.exe173⤵PID:2928
-
\??\c:\jbbdt.exec:\jbbdt.exe174⤵PID:2776
-
\??\c:\ljpnhhh.exec:\ljpnhhh.exe175⤵PID:2856
-
\??\c:\hfpvph.exec:\hfpvph.exe176⤵PID:2408
-
\??\c:\fnxxxtl.exec:\fnxxxtl.exe177⤵PID:2228
-
\??\c:\nljthl.exec:\nljthl.exe178⤵PID:3036
-
\??\c:\jptphtt.exec:\jptphtt.exe179⤵PID:1496
-
\??\c:\phdjvrb.exec:\phdjvrb.exe180⤵PID:3048
-
\??\c:\xfvxxp.exec:\xfvxxp.exe181⤵PID:2552
-
\??\c:\tjffr.exec:\tjffr.exe182⤵PID:2140
-
\??\c:\lrvpl.exec:\lrvpl.exe183⤵PID:1832
-
\??\c:\dxvjnpp.exec:\dxvjnpp.exe184⤵PID:2448
-
\??\c:\vvffxr.exec:\vvffxr.exe185⤵PID:2044
-
\??\c:\pxbdp.exec:\pxbdp.exe186⤵PID:2036
-
\??\c:\ltxbhpt.exec:\ltxbhpt.exe187⤵PID:1280
-
\??\c:\tbfnlh.exec:\tbfnlh.exe188⤵PID:984
-
\??\c:\fxfdxrn.exec:\fxfdxrn.exe189⤵PID:568
-
\??\c:\bpbbj.exec:\bpbbj.exe190⤵PID:2452
-
\??\c:\dphdhrf.exec:\dphdhrf.exe191⤵PID:2272
-
\??\c:\fhtjhv.exec:\fhtjhv.exe192⤵PID:2700
-
\??\c:\vpnxnp.exec:\vpnxnp.exe193⤵PID:2456
-
\??\c:\dpdbl.exec:\dpdbl.exe194⤵PID:1672
-
\??\c:\nbtbhd.exec:\nbtbhd.exe195⤵PID:712
-
\??\c:\pfxtf.exec:\pfxtf.exe196⤵PID:2568
-
\??\c:\lxhnvbx.exec:\lxhnvbx.exe197⤵PID:1008
-
\??\c:\djblrvd.exec:\djblrvd.exe198⤵PID:2480
-
\??\c:\bdfnj.exec:\bdfnj.exe199⤵PID:1096
-
\??\c:\xbdxvjd.exec:\xbdxvjd.exe200⤵PID:1820
-
\??\c:\dtbfx.exec:\dtbfx.exe201⤵PID:832
-
\??\c:\nrrrn.exec:\nrrrn.exe202⤵PID:304
-
\??\c:\hpxrrn.exec:\hpxrrn.exe203⤵PID:2144
-
\??\c:\jfbfj.exec:\jfbfj.exe204⤵PID:2276
-
\??\c:\plfdn.exec:\plfdn.exe205⤵PID:880
-
\??\c:\rrxrv.exec:\rrxrv.exe206⤵PID:2180
-
\??\c:\lttvh.exec:\lttvh.exe207⤵PID:2260
-
\??\c:\hrldxfd.exec:\hrldxfd.exe208⤵PID:2336
-
\??\c:\plvprt.exec:\plvprt.exe209⤵PID:2600
-
\??\c:\lhdlj.exec:\lhdlj.exe210⤵PID:2320
-
\??\c:\vrtrnb.exec:\vrtrnb.exe211⤵PID:1632
-
\??\c:\tdhbbvx.exec:\tdhbbvx.exe212⤵PID:704
-
\??\c:\jttnhv.exec:\jttnhv.exe213⤵PID:2884
-
\??\c:\dvnvpx.exec:\dvnvpx.exe214⤵PID:2748
-
\??\c:\dldtbn.exec:\dldtbn.exe215⤵PID:3008
-
\??\c:\xdbxv.exec:\xdbxv.exe216⤵PID:2412
-
\??\c:\nxntbf.exec:\nxntbf.exe217⤵PID:2860
-
\??\c:\xjdbf.exec:\xjdbf.exe218⤵PID:2820
-
\??\c:\nxpldx.exec:\nxpldx.exe219⤵PID:2776
-
\??\c:\jtbbxx.exec:\jtbbxx.exe220⤵PID:2856
-
\??\c:\rffpj.exec:\rffpj.exe221⤵PID:2284
-
\??\c:\nfhfnhl.exec:\nfhfnhl.exe222⤵PID:2360
-
\??\c:\nlvfhrf.exec:\nlvfhrf.exe223⤵PID:580
-
\??\c:\vjnjfp.exec:\vjnjfp.exe224⤵PID:1500
-
\??\c:\bhrtlxb.exec:\bhrtlxb.exe225⤵PID:1496
-
\??\c:\lnhjvj.exec:\lnhjvj.exe226⤵PID:2308
-
\??\c:\dlbhrjx.exec:\dlbhrjx.exe227⤵PID:2552
-
\??\c:\rtvlh.exec:\rtvlh.exe228⤵PID:2840
-
\??\c:\bxnld.exec:\bxnld.exe229⤵PID:2132
-
\??\c:\rpvxj.exec:\rpvxj.exe230⤵PID:892
-
\??\c:\tbblxb.exec:\tbblxb.exe231⤵PID:1812
-
\??\c:\vtxdlp.exec:\vtxdlp.exe232⤵PID:2120
-
\??\c:\nftpd.exec:\nftpd.exe233⤵PID:1320
-
\??\c:\lrhvlhb.exec:\lrhvlhb.exe234⤵PID:2296
-
\??\c:\tjrltr.exec:\tjrltr.exe235⤵PID:984
-
\??\c:\htlttb.exec:\htlttb.exe236⤵PID:284
-
\??\c:\lhfxxr.exec:\lhfxxr.exe237⤵PID:2464
-
\??\c:\jfvpvv.exec:\jfvpvv.exe238⤵PID:768
-
\??\c:\rpphnpd.exec:\rpphnpd.exe239⤵PID:2700
-
\??\c:\xttxj.exec:\xttxj.exe240⤵PID:1948
-
\??\c:\jfrdfbn.exec:\jfrdfbn.exe241⤵PID:1532
-
\??\c:\vrxtxn.exec:\vrxtxn.exe242⤵
- System Location Discovery: System Language Discovery
PID:1064