Analysis
-
max time kernel
150s -
max time network
127s -
platform
windows7_x64 -
resource
win7-20241010-en -
resource tags
arch:x64 arch:x86 image:win7-20241010-en locale:en-us os:windows7-x64 system -
submitted
09-11-2024 23:22
Static task
static1
Behavioral task
behavioral1
Sample
720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe
Resource
win7-20241010-en
General
-
Target
720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe
-
Size
275KB
-
MD5
81d398057527a05d601dea9487bf75d5
-
SHA1
d07bf99c5a43e87352037e2fd2e20ab8c33ad8ed
-
SHA256
720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1
-
SHA512
98febc99daa728ea118de7e5106238056434ae95bbe4b48600a3cca487f3287d124b2e9c5a6fbb624ee03001d03037a59cf0d2d370e69d08147958d8f77ac204
-
SSDEEP
3072:8hOm2sI93UufdC67cimD5t251UrRE9TTFBe:8cm7ImGddXmNt251UriZFs
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 63 IoCs
Processes:
resource yara_rule behavioral1/memory/1832-7-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2564-13-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2564-19-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1936-28-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1800-39-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1800-37-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2396-47-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2900-64-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2804-75-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2652-93-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2652-92-0x0000000000430000-0x000000000045A000-memory.dmp family_blackmoon behavioral1/memory/2652-90-0x0000000000430000-0x000000000045A000-memory.dmp family_blackmoon behavioral1/memory/2716-103-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2296-111-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1040-127-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2080-145-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1488-149-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2880-172-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2072-197-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2172-213-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1124-222-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/2008-233-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2008-240-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1364-256-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2288-274-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2228-298-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1564-312-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2756-350-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2908-363-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2768-372-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2664-380-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2616-393-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1804-400-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2840-414-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2884-428-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/1964-454-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2956-467-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2284-468-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2180-500-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1104-507-0x00000000003A0000-0x00000000003CA000-memory.dmp family_blackmoon behavioral1/memory/1752-521-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1752-542-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon 
behavioral1/memory/1144-549-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/760-559-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/760-557-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2620-597-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1936-608-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2788-641-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2804-646-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2076-655-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1152-699-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1152-718-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2888-735-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2384-751-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2384-758-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2384-781-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/584-799-0x00000000003B0000-0x00000000003DA000-memory.dmp family_blackmoon behavioral1/memory/3012-798-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1504-813-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1324-818-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2400-826-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/276-840-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2368-853-0x00000000002A0000-0x00000000002CA000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
jbvblpt.exervjtbfn.exeftnbnj.exexbfbt.exevbxjr.exevprfdt.exeblrdtxl.exenpjhpdv.exehlnnbd.exeddftjbp.exexlvfp.exeblldhn.exevbrpjr.exeprdnbr.exefbnpnhf.exexnbtrhb.exedhfrbl.exebvhrt.exexpjhtl.exevldjv.exevtvxbr.exejhxph.exendrxvbv.exednllxfp.exelldndrn.exevxbnbn.exednlldx.exepdbtbbl.exeflpbd.exelvbnt.exenjnjd.exebthfh.exehdhpvr.exeblhhhdf.exelpltpd.exedlnrvdx.exenptnhn.exehdfdtxp.exenxxvnl.exerpdtj.exelfdpdfn.exejhnvdj.exehfdhrdn.exepfxjt.exelxhlp.exeprrnnpl.exerldrvx.exevbbbd.exefrlnf.exerllbtn.exervnnbl.exevflnrpx.exehbljvj.exerblnb.exevpfdrp.exexdlld.exevbvtbfp.exertptvvt.exejdftvlf.exedfxhvx.exennxlxll.exeftfxb.exepjptrr.exerbfdv.exepid process 2564 jbvblpt.exe 1936 rvjtbfn.exe 1800 ftnbnj.exe 2396 xbfbt.exe 1192 vbxjr.exe 2900 vprfdt.exe 2804 blrdtxl.exe 2740 npjhpdv.exe 2652 hlnnbd.exe 2716 ddftjbp.exe 2296 xlvfp.exe 1700 blldhn.exe 1040 vbrpjr.exe 1256 prdnbr.exe 2080 fbnpnhf.exe 1488 xnbtrhb.exe 1484 dhfrbl.exe 2880 bvhrt.exe 2872 xpjhtl.exe 2420 vldjv.exe 2072 vtvxbr.exe 1816 jhxph.exe 2172 ndrxvbv.exe 1124 dnllxfp.exe 964 lldndrn.exe 2008 vxbnbn.exe 580 dnlldx.exe 1364 pdbtbbl.exe 544 flpbd.exe 2288 lvbnt.exe 1020 njnjd.exe 1712 bthfh.exe 2228 hdhpvr.exe 2568 blhhhdf.exe 1564 lpltpd.exe 2352 dlnrvdx.exe 1328 nptnhn.exe 2448 hdfdtxp.exe 2480 nxxvnl.exe 2532 rpdtj.exe 2756 lfdpdfn.exe 2156 jhnvdj.exe 2908 hfdhrdn.exe 2768 pfxjt.exe 1276 lxhlp.exe 2664 prrnnpl.exe 2616 rldrvx.exe 1804 vbbbd.exe 1604 frlnf.exe 2840 rllbtn.exe 1920 rvnnbl.exe 2884 vflnrpx.exe 1256 hbljvj.exe 1196 rblnb.exe 1808 vpfdrp.exe 1964 xdlld.exe 1484 vbvtbfp.exe 2956 rtptvvt.exe 2284 jdftvlf.exe 2748 dfxhvx.exe 3024 nnxlxll.exe 1708 ftfxb.exe 2180 pjptrr.exe 1104 rbfdv.exe -
Processes:
resource yara_rule behavioral1/memory/1832-7-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2564-9-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2564-19-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1936-28-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1800-39-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2396-47-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2804-66-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2804-75-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2652-93-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2716-103-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2296-111-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1040-127-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2080-137-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2080-145-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1488-149-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2880-164-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2880-172-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2072-197-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2172-213-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1124-222-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2008-233-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2008-240-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1364-256-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2288-274-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2228-291-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2228-298-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1564-312-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2756-350-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2768-364-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2768-372-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2664-380-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2616-393-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2840-414-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1920-415-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1964-454-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2284-468-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2180-500-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/800-508-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/760-550-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2316-560-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/760-559-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2272-574-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2620-597-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/1936-608-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1636-609-0x00000000002C0000-0x00000000002EA000-memory.dmp upx behavioral1/memory/2784-622-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2788-641-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2804-646-0x0000000000220000-0x000000000024A000-memory.dmp upx 
behavioral1/memory/2384-751-0x0000000000400000-0x000000000042A000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
nhntvlt.exeldtdvx.exexdljlh.exeltvnfxd.exettbtpd.exejlrrt.exebdljpjf.exefjtrjtf.exepjnpf.exelfbdvlx.exejnptvn.exenptdhb.exexlhhhp.exehrbpv.exelhfrlj.exebjptf.exehhtpbbh.exebvxdbhp.exejthdvtj.exehxbhhjj.exevlxpld.exepvftlr.exehbbpl.exebhxbxt.exefbttxvh.exehpdfpff.exepnpjf.exebjhxll.exervpxj.exejjfdhx.exelbjdv.exehdfdtxp.exepfdpd.exethjfhbt.exenhddlpp.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nhntvlt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ldtdvx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xdljlh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ltvnfxd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ttbtpd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jlrrt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bdljpjf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language fjtrjtf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pjnpf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lfbdvlx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jnptvn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nptdhb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xlhhhp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hrbpv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lhfrlj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bjptf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hhtpbbh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bvxdbhp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jthdvtj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hxbhhjj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vlxpld.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pvftlr.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hbbpl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bhxbxt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 
fbttxvh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hpdfpff.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pnpjf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bjhxll.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rvpxj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jjfdhx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lbjdv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language hdfdtxp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pfdpd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language thjfhbt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nhddlpp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exejbvblpt.exervjtbfn.exeftnbnj.exexbfbt.exevbxjr.exevprfdt.exeblrdtxl.exenpjhpdv.exehlnnbd.exeddftjbp.exexlvfp.exeblldhn.exevbrpjr.exeprdnbr.exefbnpnhf.exedescription pid process target process PID 1832 wrote to memory of 2564 1832 720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe jbvblpt.exe PID 1832 wrote to memory of 2564 1832 720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe jbvblpt.exe PID 1832 wrote to memory of 2564 1832 720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe jbvblpt.exe PID 1832 wrote to memory of 2564 1832 720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe jbvblpt.exe PID 2564 wrote to memory of 1936 2564 jbvblpt.exe rvjtbfn.exe PID 2564 wrote to memory of 1936 2564 jbvblpt.exe rvjtbfn.exe PID 2564 wrote to memory of 1936 2564 jbvblpt.exe rvjtbfn.exe PID 2564 wrote to memory of 1936 2564 jbvblpt.exe rvjtbfn.exe PID 1936 wrote to memory of 1800 1936 rvjtbfn.exe ftnbnj.exe PID 1936 wrote to memory of 1800 1936 rvjtbfn.exe ftnbnj.exe PID 1936 wrote to memory of 1800 1936 rvjtbfn.exe ftnbnj.exe PID 1936 wrote to memory of 1800 1936 rvjtbfn.exe ftnbnj.exe PID 1800 wrote to memory of 2396 1800 ftnbnj.exe xbfbt.exe PID 1800 wrote to memory of 2396 1800 ftnbnj.exe xbfbt.exe PID 1800 wrote to memory of 2396 1800 ftnbnj.exe xbfbt.exe PID 1800 wrote to memory of 2396 1800 ftnbnj.exe xbfbt.exe PID 2396 wrote to memory of 1192 2396 xbfbt.exe vbxjr.exe PID 2396 wrote to memory of 1192 2396 xbfbt.exe vbxjr.exe PID 2396 wrote to memory of 1192 2396 xbfbt.exe vbxjr.exe PID 2396 wrote to memory of 1192 2396 xbfbt.exe vbxjr.exe PID 1192 wrote to memory of 2900 1192 vbxjr.exe vprfdt.exe PID 1192 wrote to memory of 2900 1192 vbxjr.exe vprfdt.exe PID 1192 wrote to memory of 2900 1192 vbxjr.exe vprfdt.exe PID 1192 wrote to memory of 2900 1192 vbxjr.exe vprfdt.exe PID 2900 wrote to memory of 2804 2900 vprfdt.exe blrdtxl.exe PID 
2900 wrote to memory of 2804 2900 vprfdt.exe blrdtxl.exe PID 2900 wrote to memory of 2804 2900 vprfdt.exe blrdtxl.exe PID 2900 wrote to memory of 2804 2900 vprfdt.exe blrdtxl.exe PID 2804 wrote to memory of 2740 2804 blrdtxl.exe npjhpdv.exe PID 2804 wrote to memory of 2740 2804 blrdtxl.exe npjhpdv.exe PID 2804 wrote to memory of 2740 2804 blrdtxl.exe npjhpdv.exe PID 2804 wrote to memory of 2740 2804 blrdtxl.exe npjhpdv.exe PID 2740 wrote to memory of 2652 2740 npjhpdv.exe hlnnbd.exe PID 2740 wrote to memory of 2652 2740 npjhpdv.exe hlnnbd.exe PID 2740 wrote to memory of 2652 2740 npjhpdv.exe hlnnbd.exe PID 2740 wrote to memory of 2652 2740 npjhpdv.exe hlnnbd.exe PID 2652 wrote to memory of 2716 2652 hlnnbd.exe ddftjbp.exe PID 2652 wrote to memory of 2716 2652 hlnnbd.exe ddftjbp.exe PID 2652 wrote to memory of 2716 2652 hlnnbd.exe ddftjbp.exe PID 2652 wrote to memory of 2716 2652 hlnnbd.exe ddftjbp.exe PID 2716 wrote to memory of 2296 2716 ddftjbp.exe xlvfp.exe PID 2716 wrote to memory of 2296 2716 ddftjbp.exe xlvfp.exe PID 2716 wrote to memory of 2296 2716 ddftjbp.exe xlvfp.exe PID 2716 wrote to memory of 2296 2716 ddftjbp.exe xlvfp.exe PID 2296 wrote to memory of 1700 2296 xlvfp.exe blldhn.exe PID 2296 wrote to memory of 1700 2296 xlvfp.exe blldhn.exe PID 2296 wrote to memory of 1700 2296 xlvfp.exe blldhn.exe PID 2296 wrote to memory of 1700 2296 xlvfp.exe blldhn.exe PID 1700 wrote to memory of 1040 1700 blldhn.exe vbrpjr.exe PID 1700 wrote to memory of 1040 1700 blldhn.exe vbrpjr.exe PID 1700 wrote to memory of 1040 1700 blldhn.exe vbrpjr.exe PID 1700 wrote to memory of 1040 1700 blldhn.exe vbrpjr.exe PID 1040 wrote to memory of 1256 1040 vbrpjr.exe prdnbr.exe PID 1040 wrote to memory of 1256 1040 vbrpjr.exe prdnbr.exe PID 1040 wrote to memory of 1256 1040 vbrpjr.exe prdnbr.exe PID 1040 wrote to memory of 1256 1040 vbrpjr.exe prdnbr.exe PID 1256 wrote to memory of 2080 1256 prdnbr.exe fbnpnhf.exe PID 1256 wrote to memory of 2080 1256 prdnbr.exe fbnpnhf.exe PID 
1256 wrote to memory of 2080 1256 prdnbr.exe fbnpnhf.exe PID 1256 wrote to memory of 2080 1256 prdnbr.exe fbnpnhf.exe PID 2080 wrote to memory of 1488 2080 fbnpnhf.exe xnbtrhb.exe PID 2080 wrote to memory of 1488 2080 fbnpnhf.exe xnbtrhb.exe PID 2080 wrote to memory of 1488 2080 fbnpnhf.exe xnbtrhb.exe PID 2080 wrote to memory of 1488 2080 fbnpnhf.exe xnbtrhb.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe"C:\Users\Admin\AppData\Local\Temp\720bae37f1a34ece6142a1a1a52c06d9c6bfde69bad9f50f966e6abfb96ec6c1.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1832 -
\??\c:\jbvblpt.exec:\jbvblpt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\rvjtbfn.exec:\rvjtbfn.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1936 -
\??\c:\ftnbnj.exec:\ftnbnj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\xbfbt.exec:\xbfbt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\vbxjr.exec:\vbxjr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1192 -
\??\c:\vprfdt.exec:\vprfdt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2900 -
\??\c:\blrdtxl.exec:\blrdtxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2804 -
\??\c:\npjhpdv.exec:\npjhpdv.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2740 -
\??\c:\hlnnbd.exec:\hlnnbd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\ddftjbp.exec:\ddftjbp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\xlvfp.exec:\xlvfp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2296 -
\??\c:\blldhn.exec:\blldhn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1700 -
\??\c:\vbrpjr.exec:\vbrpjr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1040 -
\??\c:\prdnbr.exec:\prdnbr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1256 -
\??\c:\fbnpnhf.exec:\fbnpnhf.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2080 -
\??\c:\xnbtrhb.exec:\xnbtrhb.exe17⤵
- Executes dropped EXE
PID:1488 -
\??\c:\dhfrbl.exec:\dhfrbl.exe18⤵
- Executes dropped EXE
PID:1484 -
\??\c:\bvhrt.exec:\bvhrt.exe19⤵
- Executes dropped EXE
PID:2880 -
\??\c:\xpjhtl.exec:\xpjhtl.exe20⤵
- Executes dropped EXE
PID:2872 -
\??\c:\vldjv.exec:\vldjv.exe21⤵
- Executes dropped EXE
PID:2420 -
\??\c:\vtvxbr.exec:\vtvxbr.exe22⤵
- Executes dropped EXE
PID:2072 -
\??\c:\jhxph.exec:\jhxph.exe23⤵
- Executes dropped EXE
PID:1816 -
\??\c:\ndrxvbv.exec:\ndrxvbv.exe24⤵
- Executes dropped EXE
PID:2172 -
\??\c:\dnllxfp.exec:\dnllxfp.exe25⤵
- Executes dropped EXE
PID:1124 -
\??\c:\lldndrn.exec:\lldndrn.exe26⤵
- Executes dropped EXE
PID:964 -
\??\c:\vxbnbn.exec:\vxbnbn.exe27⤵
- Executes dropped EXE
PID:2008 -
\??\c:\dnlldx.exec:\dnlldx.exe28⤵
- Executes dropped EXE
PID:580 -
\??\c:\pdbtbbl.exec:\pdbtbbl.exe29⤵
- Executes dropped EXE
PID:1364 -
\??\c:\flpbd.exec:\flpbd.exe30⤵
- Executes dropped EXE
PID:544 -
\??\c:\lvbnt.exec:\lvbnt.exe31⤵
- Executes dropped EXE
PID:2288 -
\??\c:\njnjd.exec:\njnjd.exe32⤵
- Executes dropped EXE
PID:1020 -
\??\c:\bthfh.exec:\bthfh.exe33⤵
- Executes dropped EXE
PID:1712 -
\??\c:\hdhpvr.exec:\hdhpvr.exe34⤵
- Executes dropped EXE
PID:2228 -
\??\c:\blhhhdf.exec:\blhhhdf.exe35⤵
- Executes dropped EXE
PID:2568 -
\??\c:\lpltpd.exec:\lpltpd.exe36⤵
- Executes dropped EXE
PID:1564 -
\??\c:\dlnrvdx.exec:\dlnrvdx.exe37⤵
- Executes dropped EXE
PID:2352 -
\??\c:\nptnhn.exec:\nptnhn.exe38⤵
- Executes dropped EXE
PID:1328 -
\??\c:\hdfdtxp.exec:\hdfdtxp.exe39⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2448 -
\??\c:\nxxvnl.exec:\nxxvnl.exe40⤵
- Executes dropped EXE
PID:2480 -
\??\c:\rpdtj.exec:\rpdtj.exe41⤵
- Executes dropped EXE
PID:2532 -
\??\c:\lfdpdfn.exec:\lfdpdfn.exe42⤵
- Executes dropped EXE
PID:2756 -
\??\c:\jhnvdj.exec:\jhnvdj.exe43⤵
- Executes dropped EXE
PID:2156 -
\??\c:\hfdhrdn.exec:\hfdhrdn.exe44⤵
- Executes dropped EXE
PID:2908 -
\??\c:\pfxjt.exec:\pfxjt.exe45⤵
- Executes dropped EXE
PID:2768 -
\??\c:\lxhlp.exec:\lxhlp.exe46⤵
- Executes dropped EXE
PID:1276 -
\??\c:\prrnnpl.exec:\prrnnpl.exe47⤵
- Executes dropped EXE
PID:2664 -
\??\c:\rldrvx.exec:\rldrvx.exe48⤵
- Executes dropped EXE
PID:2616 -
\??\c:\vbbbd.exec:\vbbbd.exe49⤵
- Executes dropped EXE
PID:1804 -
\??\c:\frlnf.exec:\frlnf.exe50⤵
- Executes dropped EXE
PID:1604 -
\??\c:\rllbtn.exec:\rllbtn.exe51⤵
- Executes dropped EXE
PID:2840 -
\??\c:\rvnnbl.exec:\rvnnbl.exe52⤵
- Executes dropped EXE
PID:1920 -
\??\c:\vflnrpx.exec:\vflnrpx.exe53⤵
- Executes dropped EXE
PID:2884 -
\??\c:\hbljvj.exec:\hbljvj.exe54⤵
- Executes dropped EXE
PID:1256 -
\??\c:\rblnb.exec:\rblnb.exe55⤵
- Executes dropped EXE
PID:1196 -
\??\c:\vpfdrp.exec:\vpfdrp.exe56⤵
- Executes dropped EXE
PID:1808 -
\??\c:\xdlld.exec:\xdlld.exe57⤵
- Executes dropped EXE
PID:1964 -
\??\c:\vbvtbfp.exec:\vbvtbfp.exe58⤵
- Executes dropped EXE
PID:1484 -
\??\c:\rtptvvt.exec:\rtptvvt.exe59⤵
- Executes dropped EXE
PID:2956 -
\??\c:\jdftvlf.exec:\jdftvlf.exe60⤵
- Executes dropped EXE
PID:2284 -
\??\c:\dfxhvx.exec:\dfxhvx.exe61⤵
- Executes dropped EXE
PID:2748 -
\??\c:\nnxlxll.exec:\nnxlxll.exe62⤵
- Executes dropped EXE
PID:3024 -
\??\c:\ftfxb.exec:\ftfxb.exe63⤵
- Executes dropped EXE
PID:1708 -
\??\c:\pjptrr.exec:\pjptrr.exe64⤵
- Executes dropped EXE
PID:2180 -
\??\c:\rbfdv.exec:\rbfdv.exe65⤵
- Executes dropped EXE
PID:1104 -
\??\c:\jfnvddd.exec:\jfnvddd.exe66⤵PID:800
-
\??\c:\lhdlb.exec:\lhdlb.exe67⤵PID:1752
-
\??\c:\ltppr.exec:\ltppr.exe68⤵PID:1736
-
\??\c:\nbhtdxn.exec:\nbhtdxn.exe69⤵PID:1888
-
\??\c:\nlldtxt.exec:\nlldtxt.exe70⤵PID:648
-
\??\c:\rphbpf.exec:\rphbpf.exe71⤵PID:1144
-
\??\c:\pdjldf.exec:\pdjldf.exe72⤵PID:760
-
\??\c:\ttbhvf.exec:\ttbhvf.exe73⤵PID:2316
-
\??\c:\xfhtvj.exec:\xfhtvj.exe74⤵PID:1020
-
\??\c:\ffjnd.exec:\ffjnd.exe75⤵PID:2272
-
\??\c:\tdrjfvb.exec:\tdrjfvb.exe76⤵PID:1636
-
\??\c:\bjhxll.exec:\bjhxll.exe77⤵
- System Location Discovery: System Language Discovery
PID:2308 -
\??\c:\nrvxt.exec:\nrvxt.exe78⤵PID:2620
-
\??\c:\jtlvdpf.exec:\jtlvdpf.exe79⤵PID:1936
-
\??\c:\thpfbp.exec:\thpfbp.exe80⤵PID:1800
-
\??\c:\lbhvnv.exec:\lbhvnv.exe81⤵PID:2480
-
\??\c:\bvdtv.exec:\bvdtv.exe82⤵PID:2784
-
\??\c:\tntdt.exec:\tntdt.exe83⤵PID:2936
-
\??\c:\hbnvdnr.exec:\hbnvdnr.exe84⤵PID:2788
-
\??\c:\tpbltlx.exec:\tpbltlx.exe85⤵PID:2804
-
\??\c:\hxdlrr.exec:\hxdlrr.exe86⤵PID:2076
-
\??\c:\lfbdvlx.exec:\lfbdvlx.exe87⤵
- System Location Discovery: System Language Discovery
PID:2800 -
\??\c:\tlndrd.exec:\tlndrd.exe88⤵PID:2820
-
\??\c:\hjxrjb.exec:\hjxrjb.exe89⤵PID:2632
-
\??\c:\btbdnf.exec:\btbdnf.exe90⤵PID:1984
-
\??\c:\ptlxv.exec:\ptlxv.exe91⤵PID:2164
-
\??\c:\xbpvj.exec:\xbpvj.exe92⤵PID:1352
-
\??\c:\pnvbjl.exec:\pnvbjl.exe93⤵PID:1152
-
\??\c:\xtrvltl.exec:\xtrvltl.exe94⤵PID:2032
-
\??\c:\jnthnt.exec:\jnthnt.exe95⤵PID:1716
-
\??\c:\ftrlt.exec:\ftrlt.exe96⤵PID:2540
-
\??\c:\nvljph.exec:\nvljph.exe97⤵PID:1376
-
\??\c:\bxrbbtb.exec:\bxrbbtb.exe98⤵PID:1016
-
\??\c:\tvrtv.exec:\tvrtv.exe99⤵PID:2888
-
\??\c:\pdhrnr.exec:\pdhrnr.exe100⤵PID:2852
-
\??\c:\dxhdhdl.exec:\dxhdhdl.exe101⤵PID:3052
-
\??\c:\fbrxd.exec:\fbrxd.exe102⤵PID:2384
-
\??\c:\flxtvh.exec:\flxtvh.exe103⤵PID:3028
-
\??\c:\tjnbhvf.exec:\tjnbhvf.exe104⤵PID:2088
-
\??\c:\tvvtbfp.exec:\tvvtbfp.exe105⤵PID:584
-
\??\c:\dnldhpt.exec:\dnldhpt.exe106⤵PID:1788
-
\??\c:\hhlxdt.exec:\hhlxdt.exe107⤵PID:1104
-
\??\c:\vjhrdpx.exec:\vjhrdpx.exe108⤵PID:3012
-
\??\c:\rvrjlnv.exec:\rvrjlnv.exe109⤵PID:1044
-
\??\c:\bbbttjb.exec:\bbbttjb.exe110⤵PID:1504
-
\??\c:\rnhxn.exec:\rnhxn.exe111⤵PID:1324
-
\??\c:\fhnbdx.exec:\fhnbdx.exe112⤵PID:2400
-
\??\c:\nplhj.exec:\nplhj.exe113⤵PID:1852
-
\??\c:\hdlrxt.exec:\hdlrxt.exe114⤵PID:276
-
\??\c:\vbdbdd.exec:\vbdbdd.exe115⤵PID:2116
-
\??\c:\pprfjn.exec:\pprfjn.exe116⤵PID:2368
-
\??\c:\hjndbr.exec:\hjndbr.exe117⤵PID:1576
-
\??\c:\fhldxf.exec:\fhldxf.exe118⤵PID:1284
-
\??\c:\rjlvtp.exec:\rjlvtp.exe119⤵PID:2984
-
\??\c:\nhnvn.exec:\nhnvn.exe120⤵PID:1972
-
\??\c:\thlxjnv.exec:\thlxjnv.exe121⤵PID:1328
-
\??\c:\fljhv.exec:\fljhv.exe122⤵PID:2440
-
\??\c:\jrnpr.exec:\jrnpr.exe123⤵PID:2496
-
\??\c:\rhbpr.exec:\rhbpr.exe124⤵PID:2916
-
\??\c:\dblfxff.exec:\dblfxff.exe125⤵PID:2156
-
\??\c:\bttrtrx.exec:\bttrtrx.exe126⤵PID:2512
-
\??\c:\pjtrd.exec:\pjtrd.exe127⤵PID:2676
-
\??\c:\pdvjrt.exec:\pdvjrt.exe128⤵PID:2988
-
\??\c:\htvlf.exec:\htvlf.exe129⤵PID:2656
-
\??\c:\hvdrt.exec:\hvdrt.exe130⤵PID:2716
-
\??\c:\lbxjr.exec:\lbxjr.exe131⤵PID:1960
-
\??\c:\nxdlpht.exec:\nxdlpht.exe132⤵PID:556
-
\??\c:\hnlrxpp.exec:\hnlrxpp.exe133⤵PID:1648
-
\??\c:\nrbnjl.exec:\nrbnjl.exe134⤵PID:2164
-
\??\c:\nnlfl.exec:\nnlfl.exe135⤵PID:1548
-
\??\c:\pbfnb.exec:\pbfnb.exe136⤵PID:796
-
\??\c:\fbtltrp.exec:\fbtltrp.exe137⤵PID:1704
-
\??\c:\dhrdbj.exec:\dhrdbj.exe138⤵PID:660
-
\??\c:\jplnxd.exec:\jplnxd.exe139⤵PID:1940
-
\??\c:\pdvlb.exec:\pdvlb.exe140⤵PID:1964
-
\??\c:\djxdn.exec:\djxdn.exe141⤵PID:2964
-
\??\c:\phlpntl.exec:\phlpntl.exe142⤵PID:2960
-
\??\c:\fnvhl.exec:\fnvhl.exe143⤵PID:2332
-
\??\c:\vfhrpl.exec:\vfhrpl.exe144⤵PID:3052
-
\??\c:\fdlpd.exec:\fdlpd.exe145⤵PID:2072
-
\??\c:\lpvdvhr.exec:\lpvdvhr.exe146⤵PID:936
-
\??\c:\rbtljd.exec:\rbtljd.exe147⤵PID:616
-
\??\c:\vhrrdxd.exec:\vhrrdxd.exe148⤵PID:2172
-
\??\c:\jtlbrrd.exec:\jtlbrrd.exe149⤵PID:1788
-
\??\c:\dfptxn.exec:\dfptxn.exe150⤵PID:1004
-
\??\c:\htbdbdv.exec:\htbdbdv.exe151⤵PID:1752
-
\??\c:\flphbx.exec:\flphbx.exe152⤵PID:2008
-
\??\c:\dhljxb.exec:\dhljxb.exe153⤵PID:748
-
\??\c:\rjlvjx.exec:\rjlvjx.exe154⤵PID:1500
-
\??\c:\tjpxjll.exec:\tjpxjll.exe155⤵PID:1620
-
\??\c:\jjfbfb.exec:\jjfbfb.exe156⤵PID:2036
-
\??\c:\tbvdvhp.exec:\tbvdvhp.exe157⤵PID:1852
-
\??\c:\btbtfn.exec:\btbtfn.exe158⤵PID:2276
-
\??\c:\frdjpdp.exec:\frdjpdp.exe159⤵PID:2116
-
\??\c:\vvjbxth.exec:\vvjbxth.exe160⤵PID:2272
-
\??\c:\bfjrp.exec:\bfjrp.exe161⤵PID:1540
-
\??\c:\dtndt.exec:\dtndt.exe162⤵PID:1300
-
\??\c:\rjprl.exec:\rjprl.exe163⤵PID:2500
-
\??\c:\rtvtbrx.exec:\rtvtbrx.exe164⤵PID:2028
-
\??\c:\drpdhfx.exec:\drpdhfx.exe165⤵PID:2092
-
\??\c:\lbdbjf.exec:\lbdbjf.exe166⤵PID:2396
-
\??\c:\jtxdpjd.exec:\jtxdpjd.exe167⤵PID:2912
-
\??\c:\dxtlrtf.exec:\dxtlrtf.exe168⤵PID:2248
-
\??\c:\bjhpblt.exec:\bjhpblt.exe169⤵PID:2900
-
\??\c:\lrfvn.exec:\lrfvn.exe170⤵PID:2044
-
\??\c:\rxdbf.exec:\rxdbf.exe171⤵PID:2168
-
\??\c:\pdpnnhh.exec:\pdpnnhh.exe172⤵PID:2652
-
\??\c:\lxdxjj.exec:\lxdxjj.exe173⤵PID:2656
-
\??\c:\hbrdt.exec:\hbrdt.exe174⤵PID:2992
-
\??\c:\ffbvf.exec:\ffbvf.exe175⤵PID:1804
-
\??\c:\vlpvrd.exec:\vlpvrd.exe176⤵PID:556
-
\??\c:\vlxpld.exec:\vlxpld.exe177⤵
- System Location Discovery: System Language Discovery
PID:1700 -
\??\c:\fbllr.exec:\fbllr.exe178⤵PID:1784
-
\??\c:\nlbnvfb.exec:\nlbnvfb.exe179⤵PID:2640
-
\??\c:\xhvpxt.exec:\xhvpxt.exe180⤵PID:1256
-
\??\c:\drxtf.exec:\drxtf.exe181⤵PID:1948
-
\??\c:\frdpp.exec:\frdpp.exe182⤵PID:1952
-
\??\c:\hhjpdjl.exec:\hhjpdjl.exe183⤵PID:3044
-
\??\c:\ttjjldx.exec:\ttjjldx.exe184⤵PID:1764
-
\??\c:\rbdtn.exec:\rbdtn.exe185⤵PID:1028
-
\??\c:\hnlldb.exec:\hnlldb.exe186⤵PID:2420
-
\??\c:\hrhfvpd.exec:\hrhfvpd.exe187⤵PID:2432
-
\??\c:\vtbfjn.exec:\vtbfjn.exe188⤵PID:2720
-
\??\c:\fxrftn.exec:\fxrftn.exe189⤵PID:1708
-
\??\c:\fhppbt.exec:\fhppbt.exe190⤵PID:2132
-
\??\c:\pnrjx.exec:\pnrjx.exe191⤵PID:1124
-
\??\c:\ffhfbt.exec:\ffhfbt.exe192⤵PID:964
-
\??\c:\hldtdhp.exec:\hldtdhp.exe193⤵PID:3000
-
\??\c:\tlpxb.exec:\tlpxb.exe194⤵PID:1680
-
\??\c:\xnnxn.exec:\xnnxn.exe195⤵PID:1044
-
\??\c:\dfdjvt.exec:\dfdjvt.exe196⤵PID:1364
-
\??\c:\dfbnjth.exec:\dfbnjth.exe197⤵PID:1556
-
\??\c:\nhnhfpl.exec:\nhnhfpl.exe198⤵PID:2204
-
\??\c:\btbvtx.exec:\btbvtx.exe199⤵PID:2524
-
\??\c:\hdbntjd.exec:\hdbntjd.exe200⤵PID:1408
-
\??\c:\tlllpnj.exec:\tlllpnj.exe201⤵PID:672
-
\??\c:\nvldpr.exec:\nvldpr.exe202⤵PID:2228
-
\??\c:\rfdxlp.exec:\rfdxlp.exe203⤵PID:1796
-
\??\c:\dfhrb.exec:\dfhrb.exe204⤵PID:1560
-
\??\c:\jthdvtj.exec:\jthdvtj.exe205⤵
- System Location Discovery: System Language Discovery
PID:1284 -
\??\c:\rthrp.exec:\rthrp.exe206⤵PID:2600
-
\??\c:\ljxxj.exec:\ljxxj.exe207⤵PID:2744
-
\??\c:\vjdxdv.exec:\vjdxdv.exe208⤵PID:2176
-
\??\c:\xxfxhd.exec:\xxfxhd.exe209⤵PID:2480
-
\??\c:\rljvvhh.exec:\rljvvhh.exe210⤵PID:2928
-
\??\c:\lfldttb.exec:\lfldttb.exe211⤵PID:2920
-
\??\c:\jrdffjh.exec:\jrdffjh.exe212⤵PID:2756
-
\??\c:\rfldx.exec:\rfldx.exe213⤵PID:2512
-
\??\c:\txplbht.exec:\txplbht.exe214⤵PID:2684
-
\??\c:\tfjtlv.exec:\tfjtlv.exe215⤵PID:2664
-
\??\c:\trpxflx.exec:\trpxflx.exe216⤵PID:2652
-
\??\c:\brrnx.exec:\brrnx.exe217⤵PID:1676
-
\??\c:\bxppp.exec:\bxppp.exe218⤵PID:1032
-
\??\c:\xbhhf.exec:\xbhhf.exe219⤵PID:1036
-
\??\c:\vlxdbf.exec:\vlxdbf.exe220⤵PID:2832
-
\??\c:\frpxx.exec:\frpxx.exe221⤵PID:2840
-
\??\c:\lvnrptb.exec:\lvnrptb.exe222⤵PID:2884
-
\??\c:\ltlhpr.exec:\ltlhpr.exe223⤵PID:2080
-
\??\c:\fhjnv.exec:\fhjnv.exe224⤵PID:1608
-
\??\c:\ttxlbft.exec:\ttxlbft.exe225⤵PID:1488
-
\??\c:\rxfvjd.exec:\rxfvjd.exe226⤵PID:1656
-
\??\c:\hjrhdbx.exec:\hjrhdbx.exe227⤵PID:1964
-
\??\c:\fdtlt.exec:\fdtlt.exe228⤵PID:3044
-
\??\c:\vpthjp.exec:\vpthjp.exe229⤵PID:2360
-
\??\c:\hhtpbbh.exec:\hhtpbbh.exe230⤵
- System Location Discovery: System Language Discovery
PID:1028 -
\??\c:\rvjvttx.exec:\rvjvttx.exe231⤵PID:1864
-
\??\c:\vlpnp.exec:\vlpnp.exe232⤵PID:2432
-
\??\c:\dlbnpd.exec:\dlbnpd.exe233⤵PID:2720
-
\??\c:\xlppxhn.exec:\xlppxhn.exe234⤵PID:1708
-
\??\c:\pbbrl.exec:\pbbrl.exe235⤵PID:1744
-
\??\c:\jndtdpf.exec:\jndtdpf.exe236⤵PID:1392
-
\??\c:\lftjdxl.exec:\lftjdxl.exe237⤵PID:1104
-
\??\c:\xlltr.exec:\xlltr.exe238⤵PID:3012
-
\??\c:\bhfxhr.exec:\bhfxhr.exe239⤵PID:1736
-
\??\c:\nvlvv.exec:\nvlvv.exe240⤵PID:1692
-
\??\c:\hrtxnhv.exec:\hrtxnhv.exe241⤵PID:1248
-
\??\c:\fjjjt.exec:\fjjjt.exe242⤵PID:272