Analysis
-
max time kernel
120s -
max time network
16s -
platform
windows7_x64 -
resource
win7-20240708-en -
resource tags
arch:x64 arch:x86 image:win7-20240708-en locale:en-us os:windows7-x64 system -
submitted
10-11-2024 01:12
Static task
static1
Behavioral task
behavioral1
Sample
237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe
Resource
win7-20240708-en
General
-
Target
237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe
-
Size
346KB
-
MD5
f99b6c1de8990c09e14a539ba5fc66b0
-
SHA1
d0fddf645ababa22fd2dabf61ab919b10295fe10
-
SHA256
237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654
-
SHA512
28db60e9abf811542c61b72e6e50895be69b3b6e1a6ca71ed7c4c1032a75e2f8c506ad9891cd9c5f9c8bb948a4bd370de5652ca566a1b0e4b93ab3097068af58
-
SSDEEP
6144:Xcm7ImGddXgYW5fNZWB5hFfci3Add4kGYAw:l7TcbWXZshJX2VGdw
Malware Config
Signatures
-
Blackmoon family
-
Detect Blackmoon payload 55 IoCs
Processes:
resource yara_rule behavioral1/memory/2292-7-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2444-16-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2392-26-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2396-34-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1220-46-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2068-63-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2592-73-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2704-82-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2752-85-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2648-100-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2660-117-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2760-134-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1940-151-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1656-169-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1924-189-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/676-187-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2728-204-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1720-212-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1980-236-0x0000000000430000-0x0000000000458000-memory.dmp family_blackmoon behavioral1/memory/1088-247-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1524-273-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon 
behavioral1/memory/3040-276-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/568-291-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1724-326-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1672-333-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2776-347-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2208-360-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2720-376-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2720-375-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2644-379-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2524-387-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2604-397-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/1972-469-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/444-509-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/980-522-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/692-548-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/692-547-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2312-573-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2356-586-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2444-606-0x0000000000250000-0x0000000000278000-memory.dmp family_blackmoon behavioral1/memory/2568-619-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2456-691-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon 
behavioral1/memory/2656-707-0x00000000001B0000-0x00000000001D8000-memory.dmp family_blackmoon behavioral1/memory/1660-742-0x00000000002B0000-0x00000000002D8000-memory.dmp family_blackmoon behavioral1/memory/2796-768-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/1640-813-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/564-845-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2148-932-0x00000000002C0000-0x00000000002E8000-memory.dmp family_blackmoon behavioral1/memory/2496-945-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2412-958-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/2656-993-0x0000000000430000-0x0000000000458000-memory.dmp family_blackmoon behavioral1/memory/1960-1021-0x0000000000400000-0x0000000000428000-memory.dmp family_blackmoon behavioral1/memory/980-1091-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/844-1099-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon behavioral1/memory/2376-1125-0x0000000000220000-0x0000000000248000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
vpdjd.exehhthbh.exe3jddj.exerlxxxfl.exetttbtn.exenhthnn.exerrllxrf.exenhbhnn.exejdvdj.exe7rlrxxf.exe1nbhnb.exedppdj.exe9lxflrf.exerlfrrrx.exepjpvd.exerlfrxxl.exebtnthh.exe1ppvj.exelflxlxr.exetnbhtb.exedvvvp.exexrflrxf.exethnbtt.exejdvjj.exe5htnhn.exetnhhtt.exe9pjdj.exejdvvv.exe5jvvv.exe7vjdd.exefxxfrfl.exehhttbb.exedpvjj.exe5rffllx.exe1bttbn.exebthnbh.exejvjjp.exe9frllll.exelfrfrll.exenhnntt.exedpddv.exexlrrfll.exexrlrrxf.exennnhtt.exepjdpj.exepjdpd.exefffxllr.exenbnhnh.exepdvdj.exejdjdj.exerxfrrlf.exetnbthn.exebtbbbb.exejvvpj.exefrlflff.exexrlxfrx.exenhhhnt.exehbtnnh.exe3jvvv.exerxfllll.exetthbhb.exethtnhb.exedpvpp.exe1fxrrrf.exepid process 2444 vpdjd.exe 2392 hhthbh.exe 2396 3jddj.exe 2204 rlxxxfl.exe 1220 tttbtn.exe 2068 nhthnn.exe 2592 rrllxrf.exe 2704 nhbhnn.exe 2752 jdvdj.exe 2648 7rlrxxf.exe 2512 1nbhnb.exe 2660 dppdj.exe 2552 9lxflrf.exe 2760 rlfrrrx.exe 1848 pjpvd.exe 1940 rlfrxxl.exe 296 btnthh.exe 1656 1ppvj.exe 1964 lflxlxr.exe 676 tnbhtb.exe 1924 dvvvp.exe 2728 xrflrxf.exe 1720 thnbtt.exe 700 jdvjj.exe 980 5htnhn.exe 1980 tnhhtt.exe 1088 9pjdj.exe 2252 jdvvv.exe 1616 5jvvv.exe 1524 7vjdd.exe 3040 fxxfrfl.exe 568 hhttbb.exe 2212 dpvjj.exe 1716 5rffllx.exe 1684 1bttbn.exe 336 bthnbh.exe 1724 jvjjp.exe 2272 9frllll.exe 1672 lfrfrll.exe 2776 nhnntt.exe 1220 dpddv.exe 2208 xlrrfll.exe 2616 xrlrrxf.exe 2720 nnnhtt.exe 2644 pjdpj.exe 2524 pjdpd.exe 2604 fffxllr.exe 2624 nbnhnh.exe 2508 pdvdj.exe 2608 jdjdj.exe 2540 rxfrrlf.exe 1676 tnbthn.exe 2224 btbbbb.exe 1448 jvvpj.exe 1380 frlflff.exe 2316 xrlxfrx.exe 2320 nhhhnt.exe 1972 hbtnnh.exe 1964 3jvvv.exe 1580 rxfllll.exe 1908 tthbhb.exe 2712 thtnhb.exe 740 dpvpp.exe 444 1fxrrrf.exe -
Processes (memory dumps matched by the upx YARA rule):
resource yara_rule behavioral1/memory/2292-7-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2444-16-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2392-26-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2396-34-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1220-46-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2068-63-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2592-64-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2068-61-0x00000000001B0000-0x00000000001D8000-memory.dmp upx behavioral1/memory/2592-73-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2704-82-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2752-85-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2648-100-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2660-117-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2760-134-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1940-151-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1656-169-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1924-189-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/676-187-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2728-204-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1720-212-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1720-238-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1980-236-0x0000000000430000-0x0000000000458000-memory.dmp upx behavioral1/memory/1088-247-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1524-273-0x0000000000400000-0x0000000000428000-memory.dmp upx 
behavioral1/memory/3040-276-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/568-291-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2212-292-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1724-321-0x0000000000220000-0x0000000000248000-memory.dmp upx behavioral1/memory/1724-326-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1672-333-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2776-347-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2524-387-0x0000000000220000-0x0000000000248000-memory.dmp upx behavioral1/memory/2604-397-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1972-469-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1964-470-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/740-495-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1908-504-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/444-509-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/980-522-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/692-548-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2568-619-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2616-650-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2648-676-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2456-691-0x0000000000220000-0x0000000000248000-memory.dmp upx behavioral1/memory/2656-704-0x00000000001B0000-0x00000000001D8000-memory.dmp upx behavioral1/memory/1640-813-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2412-958-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2656-993-0x0000000000430000-0x0000000000458000-memory.dmp upx 
behavioral1/memory/284-1008-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1960-1021-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/1852-1034-0x0000000000400000-0x0000000000428000-memory.dmp upx behavioral1/memory/2124-1112-0x0000000000400000-0x0000000000428000-memory.dmp upx -
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
Processes:
nbnhnt.exedjdpv.exettnthh.exetnbnhn.exe7llffll.exedppdj.exebntnhb.exe5btnhh.exettntht.exenbhhhn.exepjpvd.exenhtbhh.exeffrrffl.exepdjvj.exejvddj.exe1bttbn.exebtbbhh.exe1thhtn.exebhtbbt.exethnhnh.exedescription ioc process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nbnhnt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language djdpv.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ttnthh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language tnbnhn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 7llffll.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language dppdj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 
bntnhb.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 5btnhh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ttntht.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nbhhhn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pjpvd.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language nhtbhh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language ffrrffl.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language pdjvj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language jvddj.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1bttbn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language btbbhh.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened 
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language 1thhtn.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language bhtbbt.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language thnhnh.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exevpdjd.exehhthbh.exe3jddj.exerlxxxfl.exetttbtn.exenhthnn.exerrllxrf.exenhbhnn.exejdvdj.exe7rlrxxf.exe1nbhnb.exedppdj.exe9lxflrf.exerlfrrrx.exepjpvd.exedescription pid process target process PID 2292 wrote to memory of 2444 2292 237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe vpdjd.exe PID 2292 wrote to memory of 2444 2292 237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe vpdjd.exe PID 2292 wrote to memory of 2444 2292 237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe vpdjd.exe PID 2292 wrote to memory of 2444 2292 237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe vpdjd.exe PID 2444 wrote to memory of 2392 2444 vpdjd.exe hhthbh.exe PID 2444 wrote to memory of 2392 2444 vpdjd.exe hhthbh.exe PID 2444 wrote to memory of 2392 2444 vpdjd.exe hhthbh.exe PID 2444 wrote to memory of 2392 2444 vpdjd.exe hhthbh.exe PID 2392 wrote to memory of 2396 2392 hhthbh.exe 3jddj.exe PID 2392 wrote to memory of 2396 2392 hhthbh.exe 3jddj.exe PID 2392 wrote to memory of 2396 2392 hhthbh.exe 3jddj.exe PID 2392 wrote to memory of 2396 2392 hhthbh.exe 3jddj.exe PID 2396 wrote to memory of 2204 2396 3jddj.exe rlxxxfl.exe PID 2396 wrote to memory of 2204 2396 3jddj.exe rlxxxfl.exe PID 2396 wrote to memory of 2204 2396 3jddj.exe rlxxxfl.exe PID 2396 wrote to memory of 2204 2396 3jddj.exe rlxxxfl.exe PID 2204 wrote to memory of 1220 2204 rlxxxfl.exe tttbtn.exe PID 2204 wrote to memory of 1220 2204 rlxxxfl.exe tttbtn.exe PID 2204 wrote to memory of 1220 2204 rlxxxfl.exe tttbtn.exe PID 2204 wrote to memory of 1220 2204 rlxxxfl.exe tttbtn.exe PID 1220 wrote to memory of 2068 1220 tttbtn.exe nhthnn.exe PID 1220 wrote to memory of 2068 1220 tttbtn.exe nhthnn.exe PID 1220 wrote to memory of 2068 1220 tttbtn.exe nhthnn.exe PID 1220 wrote to memory of 2068 1220 tttbtn.exe nhthnn.exe PID 2068 wrote to memory of 2592 2068 nhthnn.exe rrllxrf.exe PID 2068 
wrote to memory of 2592 2068 nhthnn.exe rrllxrf.exe PID 2068 wrote to memory of 2592 2068 nhthnn.exe rrllxrf.exe PID 2068 wrote to memory of 2592 2068 nhthnn.exe rrllxrf.exe PID 2592 wrote to memory of 2704 2592 rrllxrf.exe nhbhnn.exe PID 2592 wrote to memory of 2704 2592 rrllxrf.exe nhbhnn.exe PID 2592 wrote to memory of 2704 2592 rrllxrf.exe nhbhnn.exe PID 2592 wrote to memory of 2704 2592 rrllxrf.exe nhbhnn.exe PID 2704 wrote to memory of 2752 2704 nhbhnn.exe jdvdj.exe PID 2704 wrote to memory of 2752 2704 nhbhnn.exe jdvdj.exe PID 2704 wrote to memory of 2752 2704 nhbhnn.exe jdvdj.exe PID 2704 wrote to memory of 2752 2704 nhbhnn.exe jdvdj.exe PID 2752 wrote to memory of 2648 2752 jdvdj.exe 7rlrxxf.exe PID 2752 wrote to memory of 2648 2752 jdvdj.exe 7rlrxxf.exe PID 2752 wrote to memory of 2648 2752 jdvdj.exe 7rlrxxf.exe PID 2752 wrote to memory of 2648 2752 jdvdj.exe 7rlrxxf.exe PID 2648 wrote to memory of 2512 2648 7rlrxxf.exe 1nbhnb.exe PID 2648 wrote to memory of 2512 2648 7rlrxxf.exe 1nbhnb.exe PID 2648 wrote to memory of 2512 2648 7rlrxxf.exe 1nbhnb.exe PID 2648 wrote to memory of 2512 2648 7rlrxxf.exe 1nbhnb.exe PID 2512 wrote to memory of 2660 2512 1nbhnb.exe dppdj.exe PID 2512 wrote to memory of 2660 2512 1nbhnb.exe dppdj.exe PID 2512 wrote to memory of 2660 2512 1nbhnb.exe dppdj.exe PID 2512 wrote to memory of 2660 2512 1nbhnb.exe dppdj.exe PID 2660 wrote to memory of 2552 2660 dppdj.exe 9lxflrf.exe PID 2660 wrote to memory of 2552 2660 dppdj.exe 9lxflrf.exe PID 2660 wrote to memory of 2552 2660 dppdj.exe 9lxflrf.exe PID 2660 wrote to memory of 2552 2660 dppdj.exe 9lxflrf.exe PID 2552 wrote to memory of 2760 2552 9lxflrf.exe rlfrrrx.exe PID 2552 wrote to memory of 2760 2552 9lxflrf.exe rlfrrrx.exe PID 2552 wrote to memory of 2760 2552 9lxflrf.exe rlfrrrx.exe PID 2552 wrote to memory of 2760 2552 9lxflrf.exe rlfrrrx.exe PID 2760 wrote to memory of 1848 2760 rlfrrrx.exe pjpvd.exe PID 2760 wrote to memory of 1848 2760 rlfrrrx.exe pjpvd.exe PID 2760 wrote to 
memory of 1848 2760 rlfrrrx.exe pjpvd.exe PID 2760 wrote to memory of 1848 2760 rlfrrrx.exe pjpvd.exe PID 1848 wrote to memory of 1940 1848 pjpvd.exe rlfrxxl.exe PID 1848 wrote to memory of 1940 1848 pjpvd.exe rlfrxxl.exe PID 1848 wrote to memory of 1940 1848 pjpvd.exe rlfrxxl.exe PID 1848 wrote to memory of 1940 1848 pjpvd.exe rlfrxxl.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe"C:\Users\Admin\AppData\Local\Temp\237084a5edecf8ea2b8bf28db9dc942ba2a225d7a8edbf7e8f4937e0266d8654N.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2292 -
\??\c:\vpdjd.exec:\vpdjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2444 -
\??\c:\hhthbh.exec:\hhthbh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2392 -
\??\c:\3jddj.exec:\3jddj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2396 -
\??\c:\rlxxxfl.exec:\rlxxxfl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2204 -
\??\c:\tttbtn.exec:\tttbtn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1220 -
\??\c:\nhthnn.exec:\nhthnn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2068 -
\??\c:\rrllxrf.exec:\rrllxrf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\nhbhnn.exec:\nhbhnn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\jdvdj.exec:\jdvdj.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2752 -
\??\c:\7rlrxxf.exec:\7rlrxxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2648 -
\??\c:\1nbhnb.exec:\1nbhnb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2512 -
\??\c:\dppdj.exec:\dppdj.exe13⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2660 -
\??\c:\9lxflrf.exec:\9lxflrf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552 -
\??\c:\rlfrrrx.exec:\rlfrrrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\pjpvd.exec:\pjpvd.exe16⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1848 -
\??\c:\rlfrxxl.exec:\rlfrxxl.exe17⤵
- Executes dropped EXE
PID:1940 -
\??\c:\btnthh.exec:\btnthh.exe18⤵
- Executes dropped EXE
PID:296 -
\??\c:\1ppvj.exec:\1ppvj.exe19⤵
- Executes dropped EXE
PID:1656 -
\??\c:\lflxlxr.exec:\lflxlxr.exe20⤵
- Executes dropped EXE
PID:1964 -
\??\c:\tnbhtb.exec:\tnbhtb.exe21⤵
- Executes dropped EXE
PID:676 -
\??\c:\dvvvp.exec:\dvvvp.exe22⤵
- Executes dropped EXE
PID:1924 -
\??\c:\xrflrxf.exec:\xrflrxf.exe23⤵
- Executes dropped EXE
PID:2728 -
\??\c:\thnbtt.exec:\thnbtt.exe24⤵
- Executes dropped EXE
PID:1720 -
\??\c:\jdvjj.exec:\jdvjj.exe25⤵
- Executes dropped EXE
PID:700 -
\??\c:\5htnhn.exec:\5htnhn.exe26⤵
- Executes dropped EXE
PID:980 -
\??\c:\tnhhtt.exec:\tnhhtt.exe27⤵
- Executes dropped EXE
PID:1980 -
\??\c:\9pjdj.exec:\9pjdj.exe28⤵
- Executes dropped EXE
PID:1088 -
\??\c:\jdvvv.exec:\jdvvv.exe29⤵
- Executes dropped EXE
PID:2252 -
\??\c:\5jvvv.exec:\5jvvv.exe30⤵
- Executes dropped EXE
PID:1616 -
\??\c:\7vjdd.exec:\7vjdd.exe31⤵
- Executes dropped EXE
PID:1524 -
\??\c:\fxxfrfl.exec:\fxxfrfl.exe32⤵
- Executes dropped EXE
PID:3040 -
\??\c:\hhttbb.exec:\hhttbb.exe33⤵
- Executes dropped EXE
PID:568 -
\??\c:\dpvjj.exec:\dpvjj.exe34⤵
- Executes dropped EXE
PID:2212 -
\??\c:\5rffllx.exec:\5rffllx.exe35⤵
- Executes dropped EXE
PID:1716 -
\??\c:\1bttbn.exec:\1bttbn.exe36⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1684 -
\??\c:\bthnbh.exec:\bthnbh.exe37⤵
- Executes dropped EXE
PID:336 -
\??\c:\jvjjp.exec:\jvjjp.exe38⤵
- Executes dropped EXE
PID:1724 -
\??\c:\9frllll.exec:\9frllll.exe39⤵
- Executes dropped EXE
PID:2272 -
\??\c:\lfrfrll.exec:\lfrfrll.exe40⤵
- Executes dropped EXE
PID:1672 -
\??\c:\nhnntt.exec:\nhnntt.exe41⤵
- Executes dropped EXE
PID:2776 -
\??\c:\dpddv.exec:\dpddv.exe42⤵
- Executes dropped EXE
PID:1220 -
\??\c:\xlrrfll.exec:\xlrrfll.exe43⤵
- Executes dropped EXE
PID:2208 -
\??\c:\xrlrrxf.exec:\xrlrrxf.exe44⤵
- Executes dropped EXE
PID:2616 -
\??\c:\nnnhtt.exec:\nnnhtt.exe45⤵
- Executes dropped EXE
PID:2720 -
\??\c:\pjdpj.exec:\pjdpj.exe46⤵
- Executes dropped EXE
PID:2644 -
\??\c:\pjdpd.exec:\pjdpd.exe47⤵
- Executes dropped EXE
PID:2524 -
\??\c:\fffxllr.exec:\fffxllr.exe48⤵
- Executes dropped EXE
PID:2604 -
\??\c:\nbnhnh.exec:\nbnhnh.exe49⤵
- Executes dropped EXE
PID:2624 -
\??\c:\pdvdj.exec:\pdvdj.exe50⤵
- Executes dropped EXE
PID:2508 -
\??\c:\jdjdj.exec:\jdjdj.exe51⤵
- Executes dropped EXE
PID:2608 -
\??\c:\rxfrrlf.exec:\rxfrrlf.exe52⤵
- Executes dropped EXE
PID:2540 -
\??\c:\tnbthn.exec:\tnbthn.exe53⤵
- Executes dropped EXE
PID:1676 -
\??\c:\btbbbb.exec:\btbbbb.exe54⤵
- Executes dropped EXE
PID:2224 -
\??\c:\jvvpj.exec:\jvvpj.exe55⤵
- Executes dropped EXE
PID:1448 -
\??\c:\frlflff.exec:\frlflff.exe56⤵
- Executes dropped EXE
PID:1380 -
\??\c:\xrlxfrx.exec:\xrlxfrx.exe57⤵
- Executes dropped EXE
PID:2316 -
\??\c:\nhhhnt.exec:\nhhhnt.exe58⤵
- Executes dropped EXE
PID:2320 -
\??\c:\hbtnnh.exec:\hbtnnh.exe59⤵
- Executes dropped EXE
PID:1972 -
\??\c:\3jvvv.exec:\3jvvv.exe60⤵
- Executes dropped EXE
PID:1964 -
\??\c:\rxfllll.exec:\rxfllll.exe61⤵
- Executes dropped EXE
PID:1580 -
\??\c:\tthbhb.exec:\tthbhb.exe62⤵
- Executes dropped EXE
PID:1908 -
\??\c:\thtnhb.exec:\thtnhb.exe63⤵
- Executes dropped EXE
PID:2712 -
\??\c:\dpvpp.exec:\dpvpp.exe64⤵
- Executes dropped EXE
PID:740 -
\??\c:\1fxrrrf.exec:\1fxrrrf.exe65⤵
- Executes dropped EXE
PID:444 -
\??\c:\rfrfflr.exec:\rfrfflr.exe66⤵PID:776
-
\??\c:\5nbhtb.exec:\5nbhtb.exe67⤵PID:980
-
\??\c:\5dvdd.exec:\5dvdd.exe68⤵PID:844
-
\??\c:\dpdvv.exec:\dpdvv.exe69⤵PID:1528
-
\??\c:\xfrrrlr.exec:\xfrrrlr.exe70⤵PID:1648
-
\??\c:\9llxffr.exec:\9llxffr.exe71⤵PID:692
-
\??\c:\bnnhhb.exec:\bnnhhb.exe72⤵PID:640
-
\??\c:\9jvdd.exec:\9jvdd.exe73⤵PID:348
-
\??\c:\dvjpd.exec:\dvjpd.exe74⤵PID:3064
-
\??\c:\3rxrxrr.exec:\3rxrxrr.exe75⤵PID:2312
-
\??\c:\httnbh.exec:\httnbh.exe76⤵PID:2984
-
\??\c:\1tttth.exec:\1tttth.exe77⤵PID:2356
-
\??\c:\pvjvp.exec:\pvjvp.exe78⤵PID:1572
-
\??\c:\ffrflrf.exec:\ffrflrf.exe79⤵PID:2228
-
\??\c:\fxllrfr.exec:\fxllrfr.exe80⤵PID:2444
-
\??\c:\htbbhh.exec:\htbbhh.exe81⤵PID:2392
-
\??\c:\nhbhtb.exec:\nhbhtb.exe82⤵PID:2568
-
\??\c:\ppddv.exec:\ppddv.exe83⤵PID:1036
-
\??\c:\lxrxflr.exec:\lxrxflr.exe84⤵PID:1216
-
\??\c:\7flrxxf.exec:\7flrxxf.exe85⤵PID:2668
-
\??\c:\tnbhnt.exec:\tnbhnt.exe86⤵PID:2148
-
\??\c:\hbthtt.exec:\hbthtt.exe87⤵PID:2208
-
\??\c:\jpdvd.exec:\jpdvd.exe88⤵PID:2616
-
\??\c:\xrrxxxf.exec:\xrrxxxf.exe89⤵PID:2704
-
\??\c:\bnbbhh.exec:\bnbbhh.exe90⤵PID:2748
-
\??\c:\nhtntb.exec:\nhtntb.exe91⤵PID:2412
-
\??\c:\dvppv.exec:\dvppv.exe92⤵PID:2648
-
\??\c:\3fxfrxr.exec:\3fxfrxr.exe93⤵PID:2512
-
\??\c:\bnbhnh.exec:\bnbhnh.exe94⤵PID:2456
-
\??\c:\thttnb.exec:\thttnb.exe95⤵PID:2940
-
\??\c:\jvddd.exec:\jvddd.exe96⤵PID:2656
-
\??\c:\fxrrxfl.exec:\fxrrxfl.exe97⤵PID:2760
-
\??\c:\9ntttt.exec:\9ntttt.exe98⤵PID:1848
-
\??\c:\nhhtnb.exec:\nhhtnb.exe99⤵PID:2556
-
\??\c:\7pdvv.exec:\7pdvv.exe100⤵PID:1384
-
\??\c:\5pdjp.exec:\5pdjp.exe101⤵PID:1660
-
\??\c:\lxflrxl.exec:\lxflrxl.exe102⤵PID:2452
-
\??\c:\rfrrrrf.exec:\rfrrrrf.exe103⤵PID:2044
-
\??\c:\1hbtbb.exec:\1hbtbb.exe104⤵PID:1952
-
\??\c:\jjdjv.exec:\jjdjv.exe105⤵PID:2796
-
\??\c:\dvpvj.exec:\dvpvj.exe106⤵PID:1632
-
\??\c:\rfrlxxf.exec:\rfrlxxf.exe107⤵PID:2728
-
\??\c:\lxfxrll.exec:\lxfxrll.exe108⤵PID:2576
-
\??\c:\nbtthh.exec:\nbtthh.exe109⤵PID:1144
-
\??\c:\3ddvd.exec:\3ddvd.exe110⤵PID:956
-
\??\c:\1dvvv.exec:\1dvvv.exe111⤵PID:532
-
\??\c:\lffflrx.exec:\lffflrx.exe112⤵PID:1640
-
\??\c:\5bthnb.exec:\5bthnb.exe113⤵PID:2192
-
\??\c:\9bbnbh.exec:\9bbnbh.exe114⤵PID:904
-
\??\c:\vpdjp.exec:\vpdjp.exe115⤵PID:2252
-
\??\c:\fxrrxxf.exec:\fxrrxxf.exe116⤵PID:1616
-
\??\c:\lflrxxl.exec:\lflrxxl.exe117⤵PID:564
-
\??\c:\hbnntt.exec:\hbnntt.exe118⤵PID:3012
-
\??\c:\hbhntb.exec:\hbhntb.exe119⤵PID:1508
-
\??\c:\pjdjv.exec:\pjdjv.exe120⤵PID:568
-
\??\c:\1lxfrlx.exec:\1lxfrlx.exe121⤵PID:1820
-
\??\c:\xlfrflx.exec:\xlfrflx.exe122⤵PID:1716
-
\??\c:\nbtnbn.exec:\nbtnbn.exe123⤵PID:1708
-
\??\c:\7hnhhb.exec:\7hnhhb.exe124⤵PID:2228
-
\??\c:\3vdvp.exec:\3vdvp.exe125⤵PID:2268
-
\??\c:\rffflff.exec:\rffflff.exe126⤵PID:2272
-
\??\c:\rxlflxf.exec:\rxlflxf.exe127⤵PID:836
-
\??\c:\tnnhhh.exec:\tnnhhh.exe128⤵PID:2572
-
\??\c:\7vpvd.exec:\7vpvd.exe129⤵PID:3008
-
\??\c:\7jddd.exec:\7jddd.exe130⤵PID:2668
-
\??\c:\rlrrxfr.exec:\rlrrxfr.exe131⤵PID:2148
-
\??\c:\rxxrrrx.exec:\rxxrrrx.exe132⤵PID:2208
-
\??\c:\tnhhth.exec:\tnhhth.exe133⤵PID:2496
-
\??\c:\pdppd.exec:\pdppd.exe134⤵PID:2704
-
\??\c:\vpddd.exec:\vpddd.exe135⤵PID:2748
-
\??\c:\xxrrxxr.exec:\xxrrxxr.exe136⤵PID:2412
-
\??\c:\7xlxxrx.exec:\7xlxxrx.exe137⤵PID:2484
-
\??\c:\thtnhh.exec:\thtnhh.exe138⤵PID:2512
-
\??\c:\nttbhn.exec:\nttbhn.exe139⤵PID:2216
-
\??\c:\jdjjj.exec:\jdjjj.exe140⤵PID:2940
-
\??\c:\7rxxxxf.exec:\7rxxxxf.exe141⤵PID:2656
-
\??\c:\1xlfllx.exec:\1xlfllx.exe142⤵PID:636
-
\??\c:\nhhbbt.exec:\nhhbbt.exe143⤵PID:1804
-
\??\c:\5bnttt.exec:\5bnttt.exe144⤵PID:284
-
\??\c:\vpvpv.exec:\vpvpv.exe145⤵PID:1368
-
\??\c:\lfrrrrr.exec:\lfrrrrr.exe146⤵PID:1960
-
\??\c:\rlrrfff.exec:\rlrrfff.exe147⤵PID:2452
-
\??\c:\hhhhnn.exec:\hhhhnn.exe148⤵PID:1852
-
\??\c:\btnbhh.exec:\btnbhh.exe149⤵PID:1608
-
\??\c:\vvpdp.exec:\vvpdp.exe150⤵PID:2804
-
\??\c:\lrxfxxf.exec:\lrxfxxf.exe151⤵PID:2812
-
\??\c:\xfrxfrx.exec:\xfrxfrx.exe152⤵PID:2040
-
\??\c:\tnttbn.exec:\tnttbn.exe153⤵PID:1172
-
\??\c:\vvjpv.exec:\vvjpv.exe154⤵PID:1584
-
\??\c:\htbttt.exec:\htbttt.exe155⤵PID:1668
-
\??\c:\5thbbt.exec:\5thbbt.exe156⤵PID:980
-
\??\c:\5ppjd.exec:\5ppjd.exe157⤵PID:844
-
\??\c:\xlxxfxx.exec:\xlxxfxx.exe158⤵PID:1160
-
\??\c:\flrrrll.exec:\flrrrll.exe159⤵PID:612
-
\??\c:\btnhnb.exec:\btnhnb.exe160⤵PID:2124
-
\??\c:\htnnnn.exec:\htnnnn.exe161⤵PID:2376
-
\??\c:\jvjvp.exec:\jvjvp.exe162⤵PID:3040
-
\??\c:\5dvvd.exec:\5dvvd.exe163⤵PID:3028
-
\??\c:\flllxxl.exec:\flllxxl.exe164⤵PID:2120
-
\??\c:\1lrllll.exec:\1lrllll.exe165⤵PID:2196
-
\??\c:\thnnnh.exec:\thnnnh.exe166⤵PID:1548
-
\??\c:\tnnnnn.exec:\tnnnnn.exe167⤵PID:2244
-
\??\c:\1dddd.exec:\1dddd.exe168⤵PID:2236
-
\??\c:\jvvjj.exec:\jvvjj.exe169⤵PID:2444
-
\??\c:\7rrllxr.exec:\7rrllxr.exe170⤵PID:1808
-
\??\c:\lxxxfxx.exec:\lxxxfxx.exe171⤵PID:1304
-
\??\c:\7bnnhb.exec:\7bnnhb.exe172⤵PID:2340
-
\??\c:\5hthhh.exec:\5hthhh.exe173⤵PID:2852
-
\??\c:\9pvjd.exec:\9pvjd.exe174⤵PID:2068
-
\??\c:\jdpvp.exec:\jdpvp.exe175⤵PID:3016
-
\??\c:\xlllllr.exec:\xlllllr.exe176⤵PID:2864
-
\??\c:\thhhhh.exec:\thhhhh.exe177⤵PID:2676
-
\??\c:\7bhbbn.exec:\7bhbbn.exe178⤵PID:2816
-
\??\c:\dpddd.exec:\dpddd.exe179⤵PID:2764
-
\??\c:\1jjjd.exec:\1jjjd.exe180⤵PID:2732
-
\??\c:\frrrrrr.exec:\frrrrrr.exe181⤵PID:2600
-
\??\c:\7frllll.exec:\7frllll.exe182⤵PID:2544
-
\??\c:\htbbbt.exec:\htbbbt.exe183⤵PID:1056
-
\??\c:\thttnb.exec:\thttnb.exe184⤵PID:2996
-
\??\c:\djjvv.exec:\djjvv.exe185⤵PID:1696
-
\??\c:\lxlxlfx.exec:\lxlxlfx.exe186⤵PID:1048
-
\??\c:\1frffff.exec:\1frffff.exe187⤵PID:1712
-
\??\c:\tntnbt.exec:\tntnbt.exe188⤵PID:1380
-
\??\c:\3nbtbn.exec:\3nbtbn.exe189⤵PID:1184
-
\??\c:\vjppv.exec:\vjppv.exe190⤵PID:1368
-
\??\c:\dpvvv.exec:\dpvvv.exe191⤵PID:1972
-
\??\c:\frflrlr.exec:\frflrlr.exe192⤵PID:1320
-
\??\c:\9nbttt.exec:\9nbttt.exe193⤵PID:1624
-
\??\c:\7nbbtn.exec:\7nbbtn.exe194⤵PID:2792
-
\??\c:\pjppv.exec:\pjppv.exe195⤵PID:1200
-
\??\c:\jvjdj.exec:\jvjdj.exe196⤵PID:2824
-
\??\c:\frfxxll.exec:\frfxxll.exe197⤵PID:444
-
\??\c:\thnbbt.exec:\thnbbt.exe198⤵PID:700
-
\??\c:\bhtnnt.exec:\bhtnnt.exe199⤵PID:1748
-
\??\c:\pjvpp.exec:\pjvpp.exe200⤵PID:1348
-
\??\c:\dpdvv.exec:\dpdvv.exe201⤵PID:1604
-
\??\c:\3frrlfx.exec:\3frrlfx.exe202⤵PID:2192
-
\??\c:\thnbht.exec:\thnbht.exe203⤵PID:1732
-
\??\c:\hnnhbt.exec:\hnnhbt.exe204⤵PID:1524
-
\??\c:\3jvpd.exec:\3jvpd.exe205⤵PID:2104
-
\??\c:\vjvvv.exec:\vjvvv.exe206⤵PID:564
-
\??\c:\xllrlxx.exec:\xllrlxx.exe207⤵PID:2312
-
\??\c:\frlxxrr.exec:\frlxxrr.exe208⤵PID:2212
-
\??\c:\nbhnnn.exec:\nbhnnn.exe209⤵PID:2356
-
\??\c:\nbhbht.exec:\nbhbht.exe210⤵PID:1684
-
\??\c:\vjppj.exec:\vjppj.exe211⤵PID:2000
-
\??\c:\xlxxxrx.exec:\xlxxxrx.exe212⤵PID:2264
-
\??\c:\rflffll.exec:\rflffll.exe213⤵PID:2256
-
\??\c:\hthbhn.exec:\hthbhn.exe214⤵PID:2396
-
\??\c:\1nbtbn.exec:\1nbtbn.exe215⤵PID:1808
-
\??\c:\jppdv.exec:\jppdv.exe216⤵PID:1672
-
\??\c:\1djdv.exec:\1djdv.exe217⤵PID:2340
-
\??\c:\9rfxrff.exec:\9rfxrff.exe218⤵PID:2580
-
\??\c:\9rrrllr.exec:\9rrrllr.exe219⤵PID:2684
-
\??\c:\5thhhh.exec:\5thhhh.exe220⤵PID:2720
-
\??\c:\1bhtnh.exec:\1bhtnh.exe221⤵PID:2772
-
\??\c:\dvjjj.exec:\dvjjj.exe222⤵PID:2516
-
\??\c:\9jjdv.exec:\9jjdv.exe223⤵PID:2752
-
\??\c:\3rxxxrr.exec:\3rxxxrr.exe224⤵PID:2748
-
\??\c:\5thhnh.exec:\5thhnh.exe225⤵PID:2652
-
\??\c:\ttbbbn.exec:\ttbbbn.exe226⤵PID:2536
-
\??\c:\dpddj.exec:\dpddj.exe227⤵PID:2456
-
\??\c:\jdddv.exec:\jdddv.exe228⤵PID:2956
-
\??\c:\rfrfxrr.exec:\rfrfxrr.exe229⤵PID:2948
-
\??\c:\thnhnh.exec:\thnhnh.exe230⤵
- System Location Discovery: System Language Discovery
PID:2476 -
\??\c:\tbnhbt.exec:\tbnhbt.exe231⤵PID:636
-
\??\c:\dpvpj.exec:\dpvpj.exe232⤵PID:1664
-
\??\c:\7jpjd.exec:\7jpjd.exe233⤵PID:1068
-
\??\c:\rlxflfl.exec:\rlxflfl.exe234⤵PID:1300
-
\??\c:\1hhttn.exec:\1hhttn.exe235⤵PID:1948
-
\??\c:\7btnnb.exec:\7btnnb.exe236⤵PID:1928
-
\??\c:\pdpdj.exec:\pdpdj.exe237⤵PID:2828
-
\??\c:\vjvpp.exec:\vjvpp.exe238⤵PID:1964
-
\??\c:\xllrlff.exec:\xllrlff.exe239⤵PID:1624
-
\??\c:\bnntnn.exec:\bnntnn.exe240⤵PID:2812
-
\??\c:\1nhbbb.exec:\1nhbbb.exe241⤵PID:1752
-
\??\c:\dvvjp.exec:\dvvjp.exe242⤵PID:1720