Analysis
- max time kernel: 150s
- max time network: 140s
- platform: windows10-2004_x64
- resource: win10v2004-20241007-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 09-11-2024 23:22
Static task: static1
Behavioral task: behavioral1
- Sample: 723309ad292f1dccdc04adf25f1f2a32530a783785340e23ba683039a67fa715.exe
- Resource: win7-20240903-en
General
- Target: 723309ad292f1dccdc04adf25f1f2a32530a783785340e23ba683039a67fa715.exe
- Size: 69KB
- MD5: 6d7f6ac74f3c76afb193faf660e92653
- SHA1: 6c094bf9d95ce1cc6e3afcd2861564ad9e984c50
- SHA256: 723309ad292f1dccdc04adf25f1f2a32530a783785340e23ba683039a67fa715
- SHA512: 1d8e210a2328d44770f769af15d81422ace240eaf9610dadfaf32bf820175ddc845eb9f4b76091fe2880ac0fbeeb72ce2085ded209d603fe4e8564ee2343e598
- SSDEEP: 1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDIFdJULh1214ar47:ymb3NkkiQ3mdBjFIFdJmdar47
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 29 IoCs
-
Executes dropped EXE 64 IoCs
-
Processes:
Process memory dumps match yara_rule upx.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
5btnhh.exe, thtbbh.exe, rlffrrr.exe, 3bthtn.exe, bbtttb.exe, lxfxxrl.exe, 5pvjv.exe, djpjj.exe, flffrlx.exe, hnhthb.exe, pjjvp.exe, djpjv.exe
Key opened: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\723309ad292f1dccdc04adf25f1f2a32530a783785340e23ba683039a67fa715.exe"C:\Users\Admin\AppData\Local\Temp\723309ad292f1dccdc04adf25f1f2a32530a783785340e23ba683039a67fa715.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:408 -
\??\c:\ttttnn.exec:\ttttnn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5008 -
\??\c:\jpppp.exec:\jpppp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4472 -
\??\c:\xrrlrrr.exec:\xrrlrrr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3888 -
\??\c:\rrfxlfx.exec:\rrfxlfx.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4416 -
\??\c:\nnnhbt.exec:\nnnhbt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4284 -
\??\c:\1dpdj.exec:\1dpdj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\lfxrlfr.exec:\lfxrlfr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3416 -
\??\c:\nnttnh.exec:\nnttnh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\vddvj.exec:\vddvj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5104 -
\??\c:\3xfxllx.exec:\3xfxllx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3556 -
\??\c:\bhnnhh.exec:\bhnnhh.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4248 -
\??\c:\pjjdd.exec:\pjjdd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4928 -
\??\c:\pjvpp.exec:\pjvpp.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3668 -
\??\c:\rlfxlfx.exec:\rlfxlfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:216 -
\??\c:\ntnnnn.exec:\ntnnnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1940 -
\??\c:\jjvjp.exec:\jjvjp.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\lrxrfxr.exec:\lrxrfxr.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\nhhbnh.exec:\nhhbnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3336 -
\??\c:\7ppjv.exec:\7ppjv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:60 -
\??\c:\5rxfrlx.exec:\5rxfrlx.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4592 -
\??\c:\btntnt.exec:\btntnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:644 -
\??\c:\jddpj.exec:\jddpj.exe23⤵
- Executes dropped EXE
PID:3656 -
\??\c:\rxfflfl.exec:\rxfflfl.exe24⤵
- Executes dropped EXE
PID:2392 -
\??\c:\tbhbnn.exec:\tbhbnn.exe25⤵
- Executes dropped EXE
PID:4768 -
\??\c:\vjvjp.exec:\vjvjp.exe26⤵
- Executes dropped EXE
PID:4320 -
\??\c:\lrxxrrx.exec:\lrxxrrx.exe27⤵
- Executes dropped EXE
PID:4944 -
\??\c:\7nbbbt.exec:\7nbbbt.exe28⤵
- Executes dropped EXE
PID:1556 -
\??\c:\bnnhtn.exec:\bnnhtn.exe29⤵
- Executes dropped EXE
PID:4228 -
\??\c:\vpvjj.exec:\vpvjj.exe30⤵
- Executes dropped EXE
PID:1392 -
\??\c:\rxrlfxr.exec:\rxrlfxr.exe31⤵
- Executes dropped EXE
PID:3164 -
\??\c:\xlrlxrf.exec:\xlrlxrf.exe32⤵
- Executes dropped EXE
PID:4732 -
\??\c:\9pvpd.exec:\9pvpd.exe33⤵
- Executes dropped EXE
PID:1752 -
\??\c:\7jddv.exec:\7jddv.exe34⤵
- Executes dropped EXE
PID:2472 -
\??\c:\frffxxx.exec:\frffxxx.exe35⤵
- Executes dropped EXE
PID:3084 -
\??\c:\thbbtt.exec:\thbbtt.exe36⤵
- Executes dropped EXE
PID:3360 -
\??\c:\3tnhnh.exec:\3tnhnh.exe37⤵
- Executes dropped EXE
PID:952 -
\??\c:\9dvjv.exec:\9dvjv.exe38⤵
- Executes dropped EXE
PID:1424 -
\??\c:\vpddp.exec:\vpddp.exe39⤵
- Executes dropped EXE
PID:3068 -
\??\c:\ffrlfff.exec:\ffrlfff.exe40⤵
- Executes dropped EXE
PID:2180 -
\??\c:\rxfxlxr.exec:\rxfxlxr.exe41⤵
- Executes dropped EXE
PID:528 -
\??\c:\bbhhhn.exec:\bbhhhn.exe42⤵
- Executes dropped EXE
PID:1484 -
\??\c:\nnnnnh.exec:\nnnnnh.exe43⤵
- Executes dropped EXE
PID:684 -
\??\c:\djjjj.exec:\djjjj.exe44⤵
- Executes dropped EXE
PID:5068 -
\??\c:\5vvvv.exec:\5vvvv.exe45⤵
- Executes dropped EXE
PID:3652 -
\??\c:\rfxffll.exec:\rfxffll.exe46⤵
- Executes dropped EXE
PID:1960 -
\??\c:\lflxrrx.exec:\lflxrrx.exe47⤵
- Executes dropped EXE
PID:3240 -
\??\c:\7tbbtt.exec:\7tbbtt.exe48⤵
- Executes dropped EXE
PID:2224 -
\??\c:\tbhhhh.exec:\tbhhhh.exe49⤵
- Executes dropped EXE
PID:5044 -
\??\c:\ddjdp.exec:\ddjdp.exe50⤵
- Executes dropped EXE
PID:3972 -
\??\c:\3jvpj.exec:\3jvpj.exe51⤵
- Executes dropped EXE
PID:3924 -
\??\c:\dppdd.exec:\dppdd.exe52⤵
- Executes dropped EXE
PID:4020 -
\??\c:\lxffflx.exec:\lxffflx.exe53⤵
- Executes dropped EXE
PID:4492 -
\??\c:\5llfxxr.exec:\5llfxxr.exe54⤵
- Executes dropped EXE
PID:4092 -
\??\c:\nbhbtt.exec:\nbhbtt.exe55⤵
- Executes dropped EXE
PID:1420 -
\??\c:\httbtb.exec:\httbtb.exe56⤵
- Executes dropped EXE
PID:1624 -
\??\c:\vpjvv.exec:\vpjvv.exe57⤵
- Executes dropped EXE
PID:2984 -
\??\c:\pvjdv.exec:\pvjdv.exe58⤵
- Executes dropped EXE
PID:2764 -
\??\c:\ffffrfl.exec:\ffffrfl.exe59⤵
- Executes dropped EXE
PID:4808 -
\??\c:\frlllxx.exec:\frlllxx.exe60⤵
- Executes dropped EXE
PID:3960 -
\??\c:\nnhhbb.exec:\nnhhbb.exe61⤵
- Executes dropped EXE
PID:3856 -
\??\c:\httnhh.exec:\httnhh.exe62⤵
- Executes dropped EXE
PID:2164 -
\??\c:\5dddp.exec:\5dddp.exe63⤵
- Executes dropped EXE
PID:3112 -
\??\c:\vjjpd.exec:\vjjpd.exe64⤵
- Executes dropped EXE
PID:1712 -
\??\c:\xxxrrll.exec:\xxxrrll.exe65⤵
- Executes dropped EXE
PID:2900 -
\??\c:\1rffxxx.exec:\1rffxxx.exe66⤵PID:3236
-
\??\c:\hhnntt.exec:\hhnntt.exe67⤵PID:916
-
\??\c:\hhhbbb.exec:\hhhbbb.exe68⤵PID:2212
-
\??\c:\ddjjp.exec:\ddjjp.exe69⤵PID:4364
-
\??\c:\vpppv.exec:\vpppv.exe70⤵PID:3448
-
\??\c:\xllfxxr.exec:\xllfxxr.exe71⤵PID:3656
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe72⤵PID:4176
-
\??\c:\bbtttb.exec:\bbtttb.exe73⤵
- System Location Discovery: System Language Discovery
PID:2928 -
\??\c:\nnttbb.exec:\nnttbb.exe74⤵PID:2772
-
\??\c:\7vvdp.exec:\7vvdp.exe75⤵PID:4568
-
\??\c:\dvvpp.exec:\dvvpp.exe76⤵PID:4944
-
\??\c:\lfrrllr.exec:\lfrrllr.exe77⤵PID:4268
-
\??\c:\5rxxfff.exec:\5rxxfff.exe78⤵PID:3380
-
\??\c:\hbtntt.exec:\hbtntt.exe79⤵PID:3600
-
\??\c:\nhhtnn.exec:\nhhtnn.exe80⤵PID:4848
-
\??\c:\djddp.exec:\djddp.exe81⤵PID:3164
-
\??\c:\jdjdp.exec:\jdjdp.exe82⤵PID:5060
-
\??\c:\lfllffx.exec:\lfllffx.exe83⤵PID:2400
-
\??\c:\rlxxrff.exec:\rlxxrff.exe84⤵PID:3944
-
\??\c:\ntbbbb.exec:\ntbbbb.exe85⤵PID:4264
-
\??\c:\1ntbnn.exec:\1ntbnn.exe86⤵PID:3436
-
\??\c:\jvdvp.exec:\jvdvp.exe87⤵PID:4480
-
\??\c:\jdjdp.exec:\jdjdp.exe88⤵PID:4436
-
\??\c:\7pjdp.exec:\7pjdp.exe89⤵PID:1708
-
\??\c:\rrrrlxx.exec:\rrrrlxx.exe90⤵PID:3260
-
\??\c:\rrllrxx.exec:\rrllrxx.exe91⤵PID:4200
-
\??\c:\hthbtt.exec:\hthbtt.exe92⤵PID:2328
-
\??\c:\thnbbt.exec:\thnbbt.exe93⤵PID:1636
-
\??\c:\jddjj.exec:\jddjj.exe94⤵PID:2808
-
\??\c:\jjvpj.exec:\jjvpj.exe95⤵PID:3632
-
\??\c:\9rrxffr.exec:\9rrxffr.exe96⤵PID:5016
-
\??\c:\httnnn.exec:\httnnn.exe97⤵PID:4584
-
\??\c:\ttnnhn.exec:\ttnnhn.exe98⤵PID:3912
-
\??\c:\9ntnhh.exec:\9ntnhh.exe99⤵PID:4048
-
\??\c:\7vppv.exec:\7vppv.exe100⤵PID:5044
-
\??\c:\5jjvp.exec:\5jjvp.exe101⤵PID:4296
-
\??\c:\flxlffx.exec:\flxlffx.exe102⤵PID:3412
-
\??\c:\ffxlffx.exec:\ffxlffx.exe103⤵PID:4860
-
\??\c:\bthnnn.exec:\bthnnn.exe104⤵PID:840
-
\??\c:\1htbnt.exec:\1htbnt.exe105⤵PID:4092
-
\??\c:\jpdvp.exec:\jpdvp.exe106⤵PID:1452
-
\??\c:\dvddp.exec:\dvddp.exe107⤵PID:4820
-
\??\c:\1rfxllx.exec:\1rfxllx.exe108⤵PID:3172
-
\??\c:\llffllr.exec:\llffllr.exe109⤵PID:2764
-
\??\c:\9bnbtt.exec:\9bnbtt.exe110⤵PID:2676
-
\??\c:\hhhttt.exec:\hhhttt.exe111⤵PID:1640
-
\??\c:\pjvpv.exec:\pjvpv.exe112⤵PID:3856
-
\??\c:\rflllll.exec:\rflllll.exe113⤵PID:516
-
\??\c:\3lrrrrr.exec:\3lrrrrr.exe114⤵PID:4712
-
\??\c:\9bhhtt.exec:\9bhhtt.exe115⤵PID:1712
-
\??\c:\3bhhhh.exec:\3bhhhh.exe116⤵PID:1836
-
\??\c:\vdjjd.exec:\vdjjd.exe117⤵PID:3236
-
\??\c:\3jppj.exec:\3jppj.exe118⤵PID:4432
-
\??\c:\lxfrrfl.exec:\lxfrrfl.exe119⤵PID:1924
-
\??\c:\lxfllrr.exec:\lxfllrr.exe120⤵PID:4892
-
\??\c:\hnthbh.exec:\hnthbh.exe121⤵PID:3448
-
\??\c:\dppdj.exec:\dppdj.exe122⤵PID:4608
-
\??\c:\jvdvv.exec:\jvdvv.exe123⤵PID:2084
-
\??\c:\5dddv.exec:\5dddv.exe124⤵PID:1544
-
\??\c:\5frlrxf.exec:\5frlrxf.exe125⤵PID:4456
-
\??\c:\frlllrl.exec:\frlllrl.exe126⤵PID:3468
-
\??\c:\bhhhbb.exec:\bhhhbb.exe127⤵PID:2160
-
\??\c:\tnnhbh.exec:\tnnhbh.exe128⤵PID:4184
-
\??\c:\pddvj.exec:\pddvj.exe129⤵PID:4884
-
\??\c:\djjdp.exec:\djjdp.exe130⤵PID:2476
-
\??\c:\rffrxrf.exec:\rffrxrf.exe131⤵PID:4732
-
\??\c:\xllfrrr.exec:\xllfrrr.exe132⤵PID:5064
-
\??\c:\nbtntb.exec:\nbtntb.exe133⤵PID:1124
-
\??\c:\nhnhnt.exec:\nhnhnt.exe134⤵PID:2608
-
\??\c:\jvvvv.exec:\jvvvv.exe135⤵PID:1576
-
\??\c:\3xxlllf.exec:\3xxlllf.exe136⤵PID:4408
-
\??\c:\xrxxfff.exec:\xrxxfff.exe137⤵PID:1500
-
\??\c:\fxlrlll.exec:\fxlrlll.exe138⤵PID:4720
-
\??\c:\hhbnth.exec:\hhbnth.exe139⤵PID:2080
-
\??\c:\hthnbt.exec:\hthnbt.exe140⤵PID:4864
-
\??\c:\pdjdv.exec:\pdjdv.exe141⤵PID:3896
-
\??\c:\5rlfrrr.exec:\5rlfrrr.exe142⤵PID:684
-
\??\c:\rlrlrll.exec:\rlrlrll.exe143⤵PID:2448
-
\??\c:\nthhbb.exec:\nthhbb.exe144⤵PID:2768
-
\??\c:\bttnnn.exec:\bttnnn.exe145⤵PID:2788
-
\??\c:\vjvpj.exec:\vjvpj.exe146⤵PID:3240
-
\??\c:\1jjdv.exec:\1jjdv.exe147⤵PID:2224
-
\??\c:\flxrfff.exec:\flxrfff.exe148⤵PID:4596
-
\??\c:\9rffllr.exec:\9rffllr.exe149⤵PID:3972
-
\??\c:\tnttnn.exec:\tnttnn.exe150⤵PID:3924
-
\??\c:\jdpvd.exec:\jdpvd.exe151⤵PID:4020
-
\??\c:\dvppp.exec:\dvppp.exe152⤵PID:4492
-
\??\c:\rlxrfxl.exec:\rlxrfxl.exe153⤵PID:4380
-
\??\c:\lxffxfx.exec:\lxffxfx.exe154⤵PID:840
-
\??\c:\bhhhbn.exec:\bhhhbn.exe155⤵PID:1624
-
\??\c:\9hbttt.exec:\9hbttt.exe156⤵PID:1764
-
\??\c:\5jpjd.exec:\5jpjd.exe157⤵PID:2324
-
\??\c:\rlffrrr.exec:\rlffrrr.exe158⤵
- System Location Discovery: System Language Discovery
PID:3852 -
\??\c:\rflrrxx.exec:\rflrrxx.exe159⤵PID:2076
-
\??\c:\hnbnhh.exec:\hnbnhh.exe160⤵PID:2260
-
\??\c:\bthntb.exec:\bthntb.exe161⤵PID:4588
-
\??\c:\jjdpp.exec:\jjdpp.exe162⤵PID:2388
-
\??\c:\jvpjd.exec:\jvpjd.exe163⤵PID:1816
-
\??\c:\llllxxx.exec:\llllxxx.exe164⤵PID:2060
-
\??\c:\7rrlllf.exec:\7rrlllf.exe165⤵PID:1836
-
\??\c:\hhhhbh.exec:\hhhhbh.exe166⤵PID:3236
-
\??\c:\nhbntn.exec:\nhbntn.exe167⤵PID:4120
-
\??\c:\pjppv.exec:\pjppv.exe168⤵PID:212
-
\??\c:\vpvvp.exec:\vpvvp.exe169⤵PID:1192
-
\??\c:\frfxxxx.exec:\frfxxxx.exe170⤵PID:1720
-
\??\c:\rxxxxrr.exec:\rxxxxrr.exe171⤵PID:1996
-
\??\c:\nhtttt.exec:\nhtttt.exe172⤵PID:1392
-
\??\c:\9tnhbh.exec:\9tnhbh.exe173⤵PID:3600
-
\??\c:\vppjd.exec:\vppjd.exe174⤵PID:2408
-
\??\c:\dvjdd.exec:\dvjdd.exe175⤵PID:2476
-
\??\c:\pjjdv.exec:\pjjdv.exe176⤵PID:4932
-
\??\c:\xlrfxxr.exec:\xlrfxxr.exe177⤵PID:2860
-
\??\c:\lfffffx.exec:\lfffffx.exe178⤵PID:2472
-
\??\c:\thtbbh.exec:\thtbbh.exe179⤵
- System Location Discovery: System Language Discovery
PID:1176 -
\??\c:\3nhbnb.exec:\3nhbnb.exe180⤵PID:1424
-
\??\c:\hhbhbb.exec:\hhbhbb.exe181⤵PID:3068
-
\??\c:\pjddd.exec:\pjddd.exe182⤵PID:408
-
\??\c:\pjvvv.exec:\pjvvv.exe183⤵PID:2340
-
\??\c:\tnthnn.exec:\tnthnn.exe184⤵PID:4080
-
\??\c:\nhbhht.exec:\nhbhht.exe185⤵PID:4448
-
\??\c:\7ppvv.exec:\7ppvv.exe186⤵PID:1436
-
\??\c:\pvjjj.exec:\pvjjj.exe187⤵PID:3460
-
\??\c:\xffrffl.exec:\xffrffl.exe188⤵PID:1344
-
\??\c:\nnthnn.exec:\nnthnn.exe189⤵PID:2504
-
\??\c:\xrxrxlf.exec:\xrxrxlf.exe190⤵PID:4280
-
\??\c:\fxxrxrx.exec:\fxxrxrx.exe191⤵PID:3912
-
\??\c:\nhnntn.exec:\nhnntn.exe192⤵PID:372
-
\??\c:\hhttbb.exec:\hhttbb.exe193⤵PID:2624
-
\??\c:\3dvvj.exec:\3dvvj.exe194⤵PID:1768
-
\??\c:\vdjjd.exec:\vdjjd.exe195⤵PID:3428
-
\??\c:\xxlxrlf.exec:\xxlxrlf.exe196⤵PID:2748
-
\??\c:\nbthbh.exec:\nbthbh.exe197⤵PID:4328
-
\??\c:\vvpdj.exec:\vvpdj.exe198⤵PID:116
-
\??\c:\7lxrllr.exec:\7lxrllr.exe199⤵PID:752
-
\??\c:\9lfxllx.exec:\9lfxllx.exe200⤵PID:1156
-
\??\c:\tnnnnn.exec:\tnnnnn.exe201⤵PID:216
-
\??\c:\vpppd.exec:\vpppd.exe202⤵PID:884
-
\??\c:\pvvvj.exec:\pvvvj.exe203⤵PID:2676
-
\??\c:\xrlfrrf.exec:\xrlfrrf.exe204⤵PID:4544
-
\??\c:\nhbtth.exec:\nhbtth.exe205⤵PID:4400
-
\??\c:\thbhbt.exec:\thbhbt.exe206⤵PID:3220
-
\??\c:\7hbnbt.exec:\7hbnbt.exe207⤵PID:3064
-
\??\c:\pjdvv.exec:\pjdvv.exe208⤵PID:4592
-
\??\c:\jvvjv.exec:\jvvjv.exe209⤵PID:3152
-
\??\c:\xxxlxxl.exec:\xxxlxxl.exe210⤵PID:1924
-
\??\c:\htnbnh.exec:\htnbnh.exe211⤵PID:4892
-
\??\c:\hnbnth.exec:\hnbnth.exe212⤵PID:2616
-
\??\c:\vdjjj.exec:\vdjjj.exe213⤵PID:2208
-
\??\c:\vppjp.exec:\vppjp.exe214⤵PID:816
-
\??\c:\llrlrlx.exec:\llrlrlx.exe215⤵PID:1448
-
\??\c:\xrflflf.exec:\xrflflf.exe216⤵PID:1016
-
\??\c:\btbnbt.exec:\btbnbt.exe217⤵PID:3884
-
\??\c:\ppjdj.exec:\ppjdj.exe218⤵PID:3164
-
\??\c:\vdppp.exec:\vdppp.exe219⤵PID:1056
-
\??\c:\7flfrll.exec:\7flfrll.exe220⤵PID:5064
-
\??\c:\rxxrfxl.exec:\rxxrfxl.exe221⤵PID:3084
-
\??\c:\nhnbnh.exec:\nhnbnh.exe222⤵PID:3516
-
\??\c:\5tnhhb.exec:\5tnhhb.exe223⤵PID:1176
-
\??\c:\pdjjv.exec:\pdjjv.exe224⤵PID:1700
-
\??\c:\pvpdv.exec:\pvpdv.exe225⤵PID:4728
-
\??\c:\lfffxrr.exec:\lfffxrr.exe226⤵PID:5008
-
\??\c:\xllfxlx.exec:\xllfxlx.exe227⤵PID:2080
-
\??\c:\tbhtnb.exec:\tbhtnb.exe228⤵PID:2328
-
\??\c:\7tnhnh.exec:\7tnhnh.exe229⤵PID:2856
-
\??\c:\vvjpd.exec:\vvjpd.exe230⤵PID:1948
-
\??\c:\9dvjv.exec:\9dvjv.exe231⤵PID:2448
-
\??\c:\rlfrlfx.exec:\rlfrlfx.exe232⤵PID:2768
-
\??\c:\rllfxrr.exec:\rllfxrr.exe233⤵PID:2788
-
\??\c:\tbnhtn.exec:\tbnhtn.exe234⤵PID:864
-
\??\c:\htnhtn.exec:\htnhtn.exe235⤵PID:4580
-
\??\c:\nbbnbb.exec:\nbbnbb.exe236⤵PID:2224
-
\??\c:\djjjv.exec:\djjjv.exe237⤵PID:4280
-
\??\c:\fllfrrr.exec:\fllfrrr.exe238⤵PID:5044
-
\??\c:\7lxlfrf.exec:\7lxlfrf.exe239⤵PID:2612
-
\??\c:\hbtnhb.exec:\hbtnhb.exe240⤵PID:3556
-
\??\c:\thhbbt.exec:\thhbbt.exe241⤵PID:4020
-
\??\c:\dvvpv.exec:\dvvpv.exe242⤵PID:1704