Analysis
-
max time kernel
120s -
max time network
95s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
10-11-2024 00:00
Static task
static1
Behavioral task
behavioral1
Sample
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe
Resource
win7-20241010-en
General
-
Target
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe
-
Size
49KB
-
MD5
1a9a6b57a362a2a660f2f73ed02f6d70
-
SHA1
60319f0dcb5077c995c6060af6b259d8613ee4a4
-
SHA256
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaeb
-
SHA512
21c2c3d347c619beacc36c8685c6d81fa9fa10a4da66afbf18374ebddce44009339d1e56cf79a317a1a4fec1c66972572ca9ba4eaa540ce531c77f023f26ef95
-
SSDEEP
1536:mAocdpeVoBDulhzHMb7xNAa04Mcg5bx7BGx:0cdpeeBSHHMHLf9Rybx7BGx
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/4340-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1396-12-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2072-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4048-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3640-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4196-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4528-42-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2552-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3464-52-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2412-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/760-65-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3508-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2272-75-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3436-81-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/924-87-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2004-92-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3032-98-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3528-104-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2516-115-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/5056-121-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/740-127-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3836-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2244-139-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3320-145-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4164-155-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3168-166-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/652-187-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/792-194-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2420-210-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3896-220-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/876-233-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1244-247-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4780-252-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2708-264-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4452-268-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3988-275-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3580-291-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1488-298-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/764-323-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4876-333-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1068-343-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2336-350-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/2228-360-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3548-371-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4396-375-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1652-391-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3024-425-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2996-439-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3400-461-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/3620-465-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2736-484-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4592-503-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2448-531-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1704-562-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2740-566-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/372-616-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4572-629-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1452-681-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/544-733-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/1548-755-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/2700-768-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/560-832-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral2/memory/4364-941-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral2/memory/3432-1224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
vvppp.exe xxrlffx.exe 7xrrllf.exe ttbbnn.exe 9tbtnt.exe 5pddp.exe flrrxxl.exe lrxxxxr.exe thnbbt.exe 1jjjd.exe vvvpp.exe lfflllr.exe nthhbt.exe bbtnbb.exe ppddv.exe rfxxxxx.exe 3frlfff.exe httnnh.exe 1djdv.exe frlxflr.exe 5tttnn.exe nbbthh.exe dvjjj.exe frrlxrr.exe rrxfxxf.exe 9hhhbb.exe djppd.exe ppjdp.exe lxxrffx.exe bnbhhb.exe tbnhhh.exe 5djdp.exe flrrlrx.exe lrffxxx.exe llxrlfx.exe nbntnn.exe nhthbb.exe djjjp.exe dppjj.exe 3xfxxrx.exe fxfxxrr.exe nnttnb.exe nhhbnn.exe pddvp.exe dvjdp.exe ffxlxff.exe 1rlfxxr.exe 5hbtbb.exe 7nttht.exe 3pvdv.exe ppdvp.exe fflfrrl.exe 9nthhh.exe hntnnn.exe dddvp.exe frxrffx.exe ntbhth.exe nntnbb.exe pvpjj.exe vppdp.exe 5lrfxxl.exe rlxrrrr.exe tthhhb.exe 7tbtbt.exe
pid process
1396 vvppp.exe
4048 xxrlffx.exe
2072 7xrrllf.exe
3640 ttbbnn.exe
4196 9tbtnt.exe
4528 5pddp.exe
2552 flrrxxl.exe
3464 lrxxxxr.exe
2412 thnbbt.exe
760 1jjjd.exe
3508 vvvpp.exe
2272 lfflllr.exe
3436 nthhbt.exe
924 bbtnbb.exe
2004 ppddv.exe
3032 rfxxxxx.exe
3528 3frlfff.exe
3580 httnnh.exe
2516 1djdv.exe
5056 frlxflr.exe
740 5tttnn.exe
3836 nbbthh.exe
2244 dvjjj.exe
3320 frrlxrr.exe
764 rrxfxxf.exe
4164 9hhhbb.exe
3344 djppd.exe
3168 ppjdp.exe
3888 lxxrffx.exe
5000 bnbhhb.exe
2112 tbnhhh.exe
3456 5djdp.exe
652 flrrlrx.exe
792 lrffxxx.exe
4016 llxrlfx.exe
1556 nbntnn.exe
912 nhthbb.exe
4376 djjjp.exe
2420 dppjj.exe
1256 3xfxxrx.exe
3780 fxfxxrr.exe
3896 nnttnb.exe
4068 nhhbnn.exe
4844 pddvp.exe
1736 dvjdp.exe
876 ffxlxff.exe
1604 1rlfxxr.exe
1800 5hbtbb.exe
1724 7nttht.exe
1244 3pvdv.exe
3624 ppdvp.exe
4780 fflfrrl.exe
3204 9nthhh.exe
1196 hntnnn.exe
2708 dddvp.exe
4452 frxrffx.exe
2036 ntbhth.exe
3988 nntnbb.exe
1960 pvpjj.exe
3588 vppdp.exe
1436 5lrfxxl.exe
2628 rlxrrrr.exe
3580 tthhhb.exe
1160 7tbtbt.exe
Note: PID 3580 is listed twice (httnnh.exe and tthhhb.exe); PIDs are reused within this run, so match on PID together with image name.
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
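Attempts to gather information about the system language of a victim in order to infer the geographical location of that host (MITRE ATT&CK T1614.001). Opening the NLS\Language registry key is also common in benign software, so this signature is supporting context rather than a standalone detection.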
Processes:
5hbtbb.exe7tttnh.exexffxrlf.exe3vdvj.exejjddp.exepppjp.exethnbbt.exelffxlll.exeddvpp.exevpvpv.exetnbbhh.exerlrlfrl.exebthhbb.exenhtntt.exerllxlrf.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5hbtbb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7tttnh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language xffxrlf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 3vdvj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jjddp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pppjp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language thnbbt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language lffxlll.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ddvpp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vpvpv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tnbbhh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rlrlfrl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bthhbb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nhtntt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language rllxlrf.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exevvppp.exexxrlffx.exe7xrrllf.exettbbnn.exe9tbtnt.exe5pddp.exeflrrxxl.exelrxxxxr.exethnbbt.exe1jjjd.exevvvpp.exelfflllr.exenthhbt.exebbtnbb.exeppddv.exerfxxxxx.exe3frlfff.exehttnnh.exe1djdv.exefrlxflr.exe5tttnn.exedescription pid process target process PID 4340 wrote to memory of 1396 4340 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe vvppp.exe PID 4340 wrote to memory of 1396 4340 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe vvppp.exe PID 4340 wrote to memory of 1396 4340 7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe vvppp.exe PID 1396 wrote to memory of 4048 1396 vvppp.exe xxrlffx.exe PID 1396 wrote to memory of 4048 1396 vvppp.exe xxrlffx.exe PID 1396 wrote to memory of 4048 1396 vvppp.exe xxrlffx.exe PID 4048 wrote to memory of 2072 4048 xxrlffx.exe 7xrrllf.exe PID 4048 wrote to memory of 2072 4048 xxrlffx.exe 7xrrllf.exe PID 4048 wrote to memory of 2072 4048 xxrlffx.exe 7xrrllf.exe PID 2072 wrote to memory of 3640 2072 7xrrllf.exe ttbbnn.exe PID 2072 wrote to memory of 3640 2072 7xrrllf.exe ttbbnn.exe PID 2072 wrote to memory of 3640 2072 7xrrllf.exe ttbbnn.exe PID 3640 wrote to memory of 4196 3640 ttbbnn.exe 9tbtnt.exe PID 3640 wrote to memory of 4196 3640 ttbbnn.exe 9tbtnt.exe PID 3640 wrote to memory of 4196 3640 ttbbnn.exe 9tbtnt.exe PID 4196 wrote to memory of 4528 4196 9tbtnt.exe 5pddp.exe PID 4196 wrote to memory of 4528 4196 9tbtnt.exe 5pddp.exe PID 4196 wrote to memory of 4528 4196 9tbtnt.exe 5pddp.exe PID 4528 wrote to memory of 2552 4528 5pddp.exe flrrxxl.exe PID 4528 wrote to memory of 2552 4528 5pddp.exe flrrxxl.exe PID 4528 wrote to memory of 2552 4528 5pddp.exe flrrxxl.exe PID 2552 wrote to memory of 3464 2552 flrrxxl.exe lrxxxxr.exe PID 2552 wrote to memory of 3464 2552 flrrxxl.exe lrxxxxr.exe PID 2552 wrote to memory of 3464 2552 flrrxxl.exe lrxxxxr.exe PID 3464 wrote to memory of 2412 3464 lrxxxxr.exe 
thnbbt.exe PID 3464 wrote to memory of 2412 3464 lrxxxxr.exe thnbbt.exe PID 3464 wrote to memory of 2412 3464 lrxxxxr.exe thnbbt.exe PID 2412 wrote to memory of 760 2412 thnbbt.exe 1jjjd.exe PID 2412 wrote to memory of 760 2412 thnbbt.exe 1jjjd.exe PID 2412 wrote to memory of 760 2412 thnbbt.exe 1jjjd.exe PID 760 wrote to memory of 3508 760 1jjjd.exe vvvpp.exe PID 760 wrote to memory of 3508 760 1jjjd.exe vvvpp.exe PID 760 wrote to memory of 3508 760 1jjjd.exe vvvpp.exe PID 3508 wrote to memory of 2272 3508 vvvpp.exe lfflllr.exe PID 3508 wrote to memory of 2272 3508 vvvpp.exe lfflllr.exe PID 3508 wrote to memory of 2272 3508 vvvpp.exe lfflllr.exe PID 2272 wrote to memory of 3436 2272 lfflllr.exe nthhbt.exe PID 2272 wrote to memory of 3436 2272 lfflllr.exe nthhbt.exe PID 2272 wrote to memory of 3436 2272 lfflllr.exe nthhbt.exe PID 3436 wrote to memory of 924 3436 nthhbt.exe bbtnbb.exe PID 3436 wrote to memory of 924 3436 nthhbt.exe bbtnbb.exe PID 3436 wrote to memory of 924 3436 nthhbt.exe bbtnbb.exe PID 924 wrote to memory of 2004 924 bbtnbb.exe ppddv.exe PID 924 wrote to memory of 2004 924 bbtnbb.exe ppddv.exe PID 924 wrote to memory of 2004 924 bbtnbb.exe ppddv.exe PID 2004 wrote to memory of 3032 2004 ppddv.exe rfxxxxx.exe PID 2004 wrote to memory of 3032 2004 ppddv.exe rfxxxxx.exe PID 2004 wrote to memory of 3032 2004 ppddv.exe rfxxxxx.exe PID 3032 wrote to memory of 3528 3032 rfxxxxx.exe 3frlfff.exe PID 3032 wrote to memory of 3528 3032 rfxxxxx.exe 3frlfff.exe PID 3032 wrote to memory of 3528 3032 rfxxxxx.exe 3frlfff.exe PID 3528 wrote to memory of 3580 3528 3frlfff.exe httnnh.exe PID 3528 wrote to memory of 3580 3528 3frlfff.exe httnnh.exe PID 3528 wrote to memory of 3580 3528 3frlfff.exe httnnh.exe PID 3580 wrote to memory of 2516 3580 httnnh.exe 1djdv.exe PID 3580 wrote to memory of 2516 3580 httnnh.exe 1djdv.exe PID 3580 wrote to memory of 2516 3580 httnnh.exe 1djdv.exe PID 2516 wrote to memory of 5056 2516 1djdv.exe frlxflr.exe PID 2516 wrote to memory of 
5056 2516 1djdv.exe frlxflr.exe PID 2516 wrote to memory of 5056 2516 1djdv.exe frlxflr.exe PID 5056 wrote to memory of 740 5056 frlxflr.exe 5tttnn.exe PID 5056 wrote to memory of 740 5056 frlxflr.exe 5tttnn.exe PID 5056 wrote to memory of 740 5056 frlxflr.exe 5tttnn.exe PID 740 wrote to memory of 3836 740 5tttnn.exe nbbthh.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe"C:\Users\Admin\AppData\Local\Temp\7e7fe80fdc6bf11f69961585750afbeedbbb6757c109d3b550546845dcedeaebN.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4340 -
\??\c:\vvppp.exec:\vvppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1396 -
\??\c:\xxrlffx.exec:\xxrlffx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4048 -
\??\c:\7xrrllf.exec:\7xrrllf.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\ttbbnn.exec:\ttbbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3640 -
\??\c:\9tbtnt.exec:\9tbtnt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4196 -
\??\c:\5pddp.exec:\5pddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4528 -
\??\c:\flrrxxl.exec:\flrrxxl.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\lrxxxxr.exec:\lrxxxxr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3464 -
\??\c:\thnbbt.exec:\thnbbt.exe10⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2412 -
\??\c:\1jjjd.exec:\1jjjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:760 -
\??\c:\vvvpp.exec:\vvvpp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3508 -
\??\c:\lfflllr.exec:\lfflllr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2272 -
\??\c:\nthhbt.exec:\nthhbt.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3436 -
\??\c:\bbtnbb.exec:\bbtnbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:924 -
\??\c:\ppddv.exec:\ppddv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
\??\c:\rfxxxxx.exec:\rfxxxxx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\3frlfff.exec:\3frlfff.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3528 -
\??\c:\httnnh.exec:\httnnh.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3580 -
\??\c:\1djdv.exec:\1djdv.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\frlxflr.exec:\frlxflr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5056 -
\??\c:\5tttnn.exec:\5tttnn.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:740 -
\??\c:\nbbthh.exec:\nbbthh.exe23⤵
- Executes dropped EXE
PID:3836 -
\??\c:\dvjjj.exec:\dvjjj.exe24⤵
- Executes dropped EXE
PID:2244 -
\??\c:\frrlxrr.exec:\frrlxrr.exe25⤵
- Executes dropped EXE
PID:3320 -
\??\c:\rrxfxxf.exec:\rrxfxxf.exe26⤵
- Executes dropped EXE
PID:764 -
\??\c:\9hhhbb.exec:\9hhhbb.exe27⤵
- Executes dropped EXE
PID:4164 -
\??\c:\djppd.exec:\djppd.exe28⤵
- Executes dropped EXE
PID:3344 -
\??\c:\ppjdp.exec:\ppjdp.exe29⤵
- Executes dropped EXE
PID:3168 -
\??\c:\lxxrffx.exec:\lxxrffx.exe30⤵
- Executes dropped EXE
PID:3888 -
\??\c:\bnbhhb.exec:\bnbhhb.exe31⤵
- Executes dropped EXE
PID:5000 -
\??\c:\tbnhhh.exec:\tbnhhh.exe32⤵
- Executes dropped EXE
PID:2112 -
\??\c:\5djdp.exec:\5djdp.exe33⤵
- Executes dropped EXE
PID:3456 -
\??\c:\flrrlrx.exec:\flrrlrx.exe34⤵
- Executes dropped EXE
PID:652 -
\??\c:\lrffxxx.exec:\lrffxxx.exe35⤵
- Executes dropped EXE
PID:792 -
\??\c:\llxrlfx.exec:\llxrlfx.exe36⤵
- Executes dropped EXE
PID:4016 -
\??\c:\nbntnn.exec:\nbntnn.exe37⤵
- Executes dropped EXE
PID:1556 -
\??\c:\nhthbb.exec:\nhthbb.exe38⤵
- Executes dropped EXE
PID:912 -
\??\c:\djjjp.exec:\djjjp.exe39⤵
- Executes dropped EXE
PID:4376 -
\??\c:\dppjj.exec:\dppjj.exe40⤵
- Executes dropped EXE
PID:2420 -
\??\c:\3xfxxrx.exec:\3xfxxrx.exe41⤵
- Executes dropped EXE
PID:1256 -
\??\c:\fxfxxrr.exec:\fxfxxrr.exe42⤵
- Executes dropped EXE
PID:3780 -
\??\c:\nnttnb.exec:\nnttnb.exe43⤵
- Executes dropped EXE
PID:3896 -
\??\c:\nhhbnn.exec:\nhhbnn.exe44⤵
- Executes dropped EXE
PID:4068 -
\??\c:\pddvp.exec:\pddvp.exe45⤵
- Executes dropped EXE
PID:4844 -
\??\c:\dvjdp.exec:\dvjdp.exe46⤵
- Executes dropped EXE
PID:1736 -
\??\c:\ffxlxff.exec:\ffxlxff.exe47⤵
- Executes dropped EXE
PID:876 -
\??\c:\1rlfxxr.exec:\1rlfxxr.exe48⤵
- Executes dropped EXE
PID:1604 -
\??\c:\5hbtbb.exec:\5hbtbb.exe49⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1800 -
\??\c:\7nttht.exec:\7nttht.exe50⤵
- Executes dropped EXE
PID:1724 -
\??\c:\3pvdv.exec:\3pvdv.exe51⤵
- Executes dropped EXE
PID:1244 -
\??\c:\ppdvp.exec:\ppdvp.exe52⤵
- Executes dropped EXE
PID:3624 -
\??\c:\fflfrrl.exec:\fflfrrl.exe53⤵
- Executes dropped EXE
PID:4780 -
\??\c:\9nthhh.exec:\9nthhh.exe54⤵
- Executes dropped EXE
PID:3204 -
\??\c:\hntnnn.exec:\hntnnn.exe55⤵
- Executes dropped EXE
PID:1196 -
\??\c:\dddvp.exec:\dddvp.exe56⤵
- Executes dropped EXE
PID:2708 -
\??\c:\frxrffx.exec:\frxrffx.exe57⤵
- Executes dropped EXE
PID:4452 -
\??\c:\ntbhth.exec:\ntbhth.exe58⤵
- Executes dropped EXE
PID:2036 -
\??\c:\nntnbb.exec:\nntnbb.exe59⤵
- Executes dropped EXE
PID:3988 -
\??\c:\pvpjj.exec:\pvpjj.exe60⤵
- Executes dropped EXE
PID:1960 -
\??\c:\vppdp.exec:\vppdp.exe61⤵
- Executes dropped EXE
PID:3588 -
\??\c:\5lrfxxl.exec:\5lrfxxl.exe62⤵
- Executes dropped EXE
PID:1436 -
\??\c:\rlxrrrr.exec:\rlxrrrr.exe63⤵
- Executes dropped EXE
PID:2628 -
\??\c:\tthhhb.exec:\tthhhb.exe64⤵
- Executes dropped EXE
PID:3580 -
\??\c:\7tbtbt.exec:\7tbtbt.exe65⤵
- Executes dropped EXE
PID:1160 -
\??\c:\tnbtbh.exec:\tnbtbh.exe66⤵PID:1488
-
\??\c:\1jppj.exec:\1jppj.exe67⤵PID:1464
-
\??\c:\dvvpj.exec:\dvvpj.exe68⤵PID:1548
-
\??\c:\lrxxrxx.exec:\lrxxrxx.exe69⤵PID:2932
-
\??\c:\rrfxllr.exec:\rrfxllr.exe70⤵PID:2800
-
\??\c:\tntnhh.exec:\tntnhh.exe71⤵PID:1740
-
\??\c:\rllxllf.exec:\rllxllf.exe72⤵PID:4072
-
\??\c:\7fllxrf.exec:\7fllxrf.exe73⤵PID:2736
-
\??\c:\nhnhbt.exec:\nhnhbt.exe74⤵PID:764
-
\??\c:\hnhbnn.exec:\hnhbnn.exe75⤵PID:1988
-
\??\c:\vvvdp.exec:\vvvdp.exe76⤵PID:3216
-
\??\c:\dddpj.exec:\dddpj.exe77⤵PID:4876
-
\??\c:\lxrlxxx.exec:\lxrlxxx.exe78⤵PID:1316
-
\??\c:\flllfff.exec:\flllfff.exe79⤵PID:3172
-
\??\c:\hbbbbb.exec:\hbbbbb.exe80⤵PID:1068
-
\??\c:\hnnnnn.exec:\hnnnnn.exe81⤵PID:2032
-
\??\c:\jpvvv.exec:\jpvvv.exe82⤵PID:2336
-
\??\c:\dvvpj.exec:\dvvpj.exe83⤵PID:3440
-
\??\c:\xxllxxl.exec:\xxllxxl.exe84⤵PID:2868
-
\??\c:\rrrlllf.exec:\rrrlllf.exe85⤵PID:2228
-
\??\c:\ntbbbb.exec:\ntbbbb.exe86⤵PID:4940
-
\??\c:\tbnhhh.exec:\tbnhhh.exe87⤵PID:2400
-
\??\c:\bbnnnn.exec:\bbnnnn.exe88⤵PID:1860
-
\??\c:\1ppdv.exec:\1ppdv.exe89⤵PID:3548
-
\??\c:\dpvvp.exec:\dpvvp.exe90⤵PID:4396
-
\??\c:\5lxrflr.exec:\5lxrflr.exe91⤵PID:1256
-
\??\c:\xflflrx.exec:\xflflrx.exe92⤵PID:3780
-
\??\c:\hhhhnn.exec:\hhhhnn.exe93⤵PID:3896
-
\??\c:\tbnthh.exec:\tbnthh.exe94⤵PID:1172
-
\??\c:\hbbtnn.exec:\hbbtnn.exe95⤵PID:1652
-
\??\c:\ddppp.exec:\ddppp.exe96⤵PID:4404
-
\??\c:\jpdpp.exec:\jpdpp.exe97⤵PID:3712
-
\??\c:\lxlfrrl.exec:\lxlfrrl.exe98⤵PID:560
-
\??\c:\3xffffx.exec:\3xffffx.exe99⤵PID:1704
-
\??\c:\5ntntn.exec:\5ntntn.exe100⤵PID:2740
-
\??\c:\bhhbnn.exec:\bhhbnn.exe101⤵PID:1668
-
\??\c:\vpvpj.exec:\vpvpj.exe102⤵PID:3100
-
\??\c:\dddvp.exec:\dddvp.exe103⤵PID:888
-
\??\c:\flffffl.exec:\flffffl.exe104⤵PID:732
-
\??\c:\xfxxrxr.exec:\xfxxrxr.exe105⤵PID:2776
-
\??\c:\3bhbbt.exec:\3bhbbt.exe106⤵PID:3024
-
\??\c:\bbbthh.exec:\bbbthh.exe107⤵PID:2568
-
\??\c:\1jjvp.exec:\1jjvp.exe108⤵PID:4356
-
\??\c:\vpvvv.exec:\vpvvv.exe109⤵PID:3996
-
\??\c:\pjjvj.exec:\pjjvj.exe110⤵PID:2996
-
\??\c:\7lrxxxr.exec:\7lrxxxr.exe111⤵PID:4432
-
\??\c:\7fffxxr.exec:\7fffxxr.exe112⤵PID:1660
-
\??\c:\hhbbbb.exec:\hhbbbb.exe113⤵PID:5092
-
\??\c:\3nhbtt.exec:\3nhbtt.exe114⤵PID:2628
-
\??\c:\pjjjj.exec:\pjjjj.exe115⤵PID:3580
-
\??\c:\pppjp.exec:\pppjp.exe116⤵PID:5056
-
\??\c:\xflfrxx.exec:\xflfrxx.exe117⤵PID:3400
-
\??\c:\xfrfxxr.exec:\xfrfxxr.exe118⤵PID:3620
-
\??\c:\nbhbtn.exec:\nbhbtn.exe119⤵PID:1036
-
\??\c:\ntbbnn.exec:\ntbbnn.exe120⤵PID:2932
-
\??\c:\1vdpj.exec:\1vdpj.exe121⤵PID:1496
-
\??\c:\jpvpd.exec:\jpvpd.exe122⤵PID:1740
-
\??\c:\lfxrllf.exec:\lfxrllf.exe123⤵PID:4272
-
\??\c:\flxrrrr.exec:\flxrrrr.exe124⤵PID:2736
-
\??\c:\3btnbt.exec:\3btnbt.exe125⤵PID:2764
-
\??\c:\pdvpj.exec:\pdvpj.exe126⤵PID:3272
-
\??\c:\7pvpp.exec:\7pvpp.exe127⤵PID:2224
-
\??\c:\ffxxlll.exec:\ffxxlll.exe128⤵PID:2056
-
\??\c:\1rlxlxr.exec:\1rlxlxr.exe129⤵PID:1600
-
\??\c:\tnhnnt.exec:\tnhnnt.exe130⤵PID:4592
-
\??\c:\vvdvj.exec:\vvdvj.exe131⤵PID:4408
-
\??\c:\jdpjd.exec:\jdpjd.exe132⤵PID:2688
-
\??\c:\rffxlll.exec:\rffxlll.exe133⤵PID:4136
-
\??\c:\llxxrrx.exec:\llxxrrx.exe134⤵PID:4772
-
\??\c:\bbhntt.exec:\bbhntt.exe135⤵PID:696
-
\??\c:\htbbtt.exec:\htbbtt.exe136⤵PID:4940
-
\??\c:\9jjjv.exec:\9jjjv.exe137⤵PID:2400
-
\??\c:\jddvj.exec:\jddvj.exe138⤵PID:4376
-
\??\c:\llllxxx.exec:\llllxxx.exe139⤵PID:2448
-
\??\c:\5ffxrrl.exec:\5ffxrrl.exe140⤵PID:4416
-
\??\c:\hhhhbb.exec:\hhhhbb.exe141⤵PID:4904
-
\??\c:\bnbnnh.exec:\bnbnnh.exe142⤵PID:3640
-
\??\c:\pddvp.exec:\pddvp.exe143⤵PID:1452
-
\??\c:\ppjdp.exec:\ppjdp.exe144⤵PID:4848
-
\??\c:\xxfxrll.exec:\xxfxrll.exe145⤵PID:1652
-
\??\c:\1lxxrrr.exec:\1lxxrrr.exe146⤵PID:4404
-
\??\c:\ntnttt.exec:\ntnttt.exe147⤵PID:3712
-
\??\c:\7ntnbh.exec:\7ntnbh.exe148⤵PID:560
-
\??\c:\nbtnhh.exec:\nbtnhh.exe149⤵PID:1704
-
\??\c:\jjjdv.exec:\jjjdv.exe150⤵PID:2740
-
\??\c:\jpppj.exec:\jpppj.exe151⤵PID:3036
-
\??\c:\xlrlxxx.exec:\xlrlxxx.exe152⤵PID:1104
-
\??\c:\xlllrrr.exec:\xlllrrr.exe153⤵PID:3944
-
\??\c:\tbhbbn.exec:\tbhbbn.exe154⤵PID:388
-
\??\c:\nnnhtt.exec:\nnnhtt.exe155⤵PID:3304
-
\??\c:\jvvjd.exec:\jvvjd.exe156⤵PID:2708
-
\??\c:\vvjdv.exec:\vvjdv.exe157⤵PID:4056
-
\??\c:\rlfxlrl.exec:\rlfxlrl.exe158⤵PID:2036
-
\??\c:\xxxfxff.exec:\xxxfxff.exe159⤵PID:3032
-
\??\c:\bntnhh.exec:\bntnhh.exe160⤵PID:1960
-
\??\c:\jjddd.exec:\jjddd.exe161⤵PID:532
-
\??\c:\ffllxlr.exec:\ffllxlr.exe162⤵PID:2464
-
\??\c:\bbbttt.exec:\bbbttt.exe163⤵PID:3524
-
\??\c:\ttbthb.exec:\ttbthb.exe164⤵PID:4768
-
\??\c:\djjdd.exec:\djjdd.exe165⤵PID:5068
-
\??\c:\rrfxllf.exec:\rrfxllf.exe166⤵PID:2792
-
\??\c:\9xffrrr.exec:\9xffrrr.exe167⤵PID:372
-
\??\c:\hthhhh.exec:\hthhhh.exe168⤵PID:3628
-
\??\c:\bhhthh.exec:\bhhthh.exe169⤵PID:2932
-
\??\c:\ddppj.exec:\ddppj.exe170⤵PID:1176
-
\??\c:\jjppd.exec:\jjppd.exe171⤵PID:4572
-
\??\c:\vpdjv.exec:\vpdjv.exe172⤵PID:4488
-
\??\c:\3lxrllf.exec:\3lxrllf.exe173⤵PID:5112
-
\??\c:\frxxxxx.exec:\frxxxxx.exe174⤵PID:3984
-
\??\c:\thtnnh.exec:\thtnnh.exe175⤵PID:2112
-
\??\c:\ttnbnh.exec:\ttnbnh.exe176⤵PID:1600
-
\??\c:\7jdvp.exec:\7jdvp.exe177⤵PID:4408
-
\??\c:\vdvjd.exec:\vdvjd.exe178⤵PID:4016
-
\??\c:\xllfxxr.exec:\xllfxxr.exe179⤵PID:1708
-
\??\c:\7lrrrlf.exec:\7lrrrlf.exe180⤵PID:4368
-
\??\c:\fxfxrrl.exec:\fxfxrrl.exe181⤵PID:2936
-
\??\c:\1bttnn.exec:\1bttnn.exe182⤵PID:2420
-
\??\c:\tntbtn.exec:\tntbtn.exe183⤵PID:4396
-
\??\c:\jpvpj.exec:\jpvpj.exe184⤵PID:4500
-
\??\c:\jdjjp.exec:\jdjjp.exe185⤵PID:4068
-
\??\c:\rlrrflf.exec:\rlrrflf.exe186⤵PID:3640
-
\??\c:\rrfxxff.exec:\rrfxxff.exe187⤵PID:1452
-
\??\c:\3ntbtt.exec:\3ntbtt.exe188⤵PID:4848
-
\??\c:\bnhthh.exec:\bnhthh.exe189⤵PID:2660
-
\??\c:\pddjd.exec:\pddjd.exe190⤵PID:3728
-
\??\c:\lflfllf.exec:\lflfllf.exe191⤵PID:3660
-
\??\c:\frxfflr.exec:\frxfflr.exe192⤵PID:4992
-
\??\c:\tnnhhb.exec:\tnnhhb.exe193⤵PID:1704
-
\??\c:\7nhhbb.exec:\7nhhbb.exe194⤵PID:4780
-
\??\c:\pdjvp.exec:\pdjvp.exe195⤵PID:1484
-
\??\c:\7lrrrlx.exec:\7lrrrlx.exe196⤵PID:216
-
\??\c:\llrxxxl.exec:\llrxxxl.exe197⤵PID:4268
-
\??\c:\nbhbtt.exec:\nbhbtt.exe198⤵PID:4800
-
\??\c:\jpdpd.exec:\jpdpd.exe199⤵PID:2664
-
\??\c:\xxxxxxr.exec:\xxxxxxr.exe200⤵PID:3304
-
\??\c:\vddvj.exec:\vddvj.exe201⤵PID:2004
-
\??\c:\ddddp.exec:\ddddp.exe202⤵PID:2796
-
\??\c:\9xfxrll.exec:\9xfxrll.exe203⤵PID:1768
-
\??\c:\xflfxrl.exec:\xflfxrl.exe204⤵PID:544
-
\??\c:\1bnhbb.exec:\1bnhbb.exe205⤵PID:1660
-
\??\c:\hbthtn.exec:\hbthtn.exe206⤵PID:1436
-
\??\c:\jvvpd.exec:\jvvpd.exe207⤵PID:3772
-
\??\c:\vppjd.exec:\vppjd.exe208⤵PID:1348
-
\??\c:\xxxxfll.exec:\xxxxfll.exe209⤵PID:3020
-
\??\c:\rfffffx.exec:\rfffffx.exe210⤵PID:5068
-
\??\c:\tbnnhn.exec:\tbnnhn.exe211⤵PID:1548
-
\??\c:\ppvpj.exec:\ppvpj.exe212⤵PID:2076
-
\??\c:\llxrllf.exec:\llxrllf.exe213⤵PID:1500
-
\??\c:\lfrflfl.exec:\lfrflfl.exe214⤵PID:4164
-
\??\c:\thhbtn.exec:\thhbtn.exe215⤵PID:2700
-
\??\c:\bnnbtn.exec:\bnnbtn.exe216⤵PID:2764
-
\??\c:\vvdvp.exec:\vvdvp.exe217⤵PID:1696
-
\??\c:\xrxlfxr.exec:\xrxlfxr.exe218⤵PID:1068
-
\??\c:\xrrlfxl.exec:\xrrlfxl.exe219⤵PID:2056
-
\??\c:\hhbhbh.exec:\hhbhbh.exe220⤵PID:5040
-
\??\c:\tthbnt.exec:\tthbnt.exe221⤵PID:1600
-
\??\c:\djjvj.exec:\djjvj.exe222⤵PID:2732
-
\??\c:\jjjdp.exec:\jjjdp.exe223⤵PID:4016
-
\??\c:\3fxrfxr.exec:\3fxrfxr.exe224⤵PID:3748
-
\??\c:\rfxrlll.exec:\rfxrlll.exe225⤵PID:4368
-
\??\c:\nbhhhh.exec:\nbhhhh.exe226⤵PID:4524
-
\??\c:\hhhbnt.exec:\hhhbnt.exe227⤵PID:1256
-
\??\c:\dvvvj.exec:\dvvvj.exe228⤵PID:1204
-
\??\c:\vddvj.exec:\vddvj.exe229⤵PID:4500
-
\??\c:\fxfxlll.exec:\fxfxlll.exe230⤵PID:1172
-
\??\c:\fxrxrll.exec:\fxrxrll.exe231⤵PID:4980
-
\??\c:\hbbbbt.exec:\hbbbbt.exe232⤵PID:1452
-
\??\c:\3htnhb.exec:\3htnhb.exe233⤵PID:4848
-
\??\c:\pjjdp.exec:\pjjdp.exe234⤵PID:2552
-
\??\c:\ppdpj.exec:\ppdpj.exe235⤵PID:3736
-
\??\c:\frxxrrl.exec:\frxxrrl.exe236⤵PID:560
-
\??\c:\lllxlff.exec:\lllxlff.exe237⤵PID:2528
-
\??\c:\nnhhtn.exec:\nnhhtn.exe238⤵PID:1668
-
\??\c:\tthbnn.exec:\tthbnn.exe239⤵PID:1608
-
\??\c:\vvdvp.exec:\vvdvp.exe240⤵PID:3036
-
\??\c:\jddvp.exec:\jddvp.exe241⤵PID:3204
-
\??\c:\xflllrl.exec:\xflllrl.exe242⤵PID:3292