Analysis
-
max time kernel
145s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe
-
Size
306KB
-
MD5
67d6f69a040c9096573aba3748954a90
-
SHA1
4fc4c28e79e5388b8538bfcde5f893c93f937a89
-
SHA256
ad5c9443d462de158b47993a1ff106ff7ce8e77c895af27f789f545e6dc635d8
-
SHA512
de7ef64916046bc9b2ef6fae6dfc9895ef0ce9b92eaa4efa96863f59cdf486ecca4d25cb668e31bea29db48a1e1fee884f5f6181782de69d9d05005105b8c72f
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoG74Abtud+3SomfOTr00d:Pcm7ImGddXtWrXF5lpKGsAbA+3pB0S
Malware Config
Signatures
-
Detect Blackmoon payload 41 IoCs
resource yara_rule behavioral1/memory/2000-7-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1896-11-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2456-26-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2520-47-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2516-37-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2384-61-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2088-59-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2436-79-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3012-94-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2244-103-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1664-113-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2112-131-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2100-149-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1644-159-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/840-168-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2704-171-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3048-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1576-204-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2596-213-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/1456-218-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/712-225-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon 
behavioral1/memory/1488-243-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/936-258-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/772-268-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2716-277-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1944-294-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2184-303-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2000-312-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1188-401-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2348-414-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1580-441-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1568-456-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2704-476-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2312-508-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3056-522-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/880-541-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2568-676-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/2392-687-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1796-847-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1796-846-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1796-884-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1896 btnhbt.exe 2456 vvvdj.exe 2516 hhnntb.exe 2520 ddvjp.exe 2088 9fxlxrr.exe 2384 jjddp.exe 2360 xlflflx.exe 2436 bttbtb.exe 3012 jdvdp.exe 2244 rffrxlf.exe 1664 5jdjp.exe 2656 rrrxllf.exe 2112 tnhhtb.exe 1528 ddvvp.exe 2100 flfxlrr.exe 1644 vjjpp.exe 840 frlxlrx.exe 2704 tbhnbb.exe 1912 vjppp.exe 3048 rlxlxxf.exe 1576 tnbhtb.exe 2596 vpjpd.exe 1456 lxflrrf.exe 712 dvjpd.exe 496 rlxflrf.exe 1488 bttttt.exe 936 vjdjv.exe 772 xlxrlxx.exe 2716 hnnhtb.exe 1740 vpjpd.exe 1944 7xrfrfx.exe 2184 3bnbht.exe 1864 7fxlxxl.exe 2000 bththn.exe 1508 vvpdp.exe 1732 rlxxrlf.exe 2824 ttbbhh.exe 2456 pjdpv.exe 2724 jjdjd.exe 2524 5rlxlxl.exe 2588 tttnnt.exe 2388 jdddj.exe 2372 frlrxlr.exe 2488 ttntbh.exe 2392 vdddp.exe 2336 pjdvj.exe 1188 xlxxflf.exe 864 1thnhh.exe 2348 nbnntb.exe 2672 1pdpj.exe 2660 lfxxxrr.exe 2144 3nhbhb.exe 1580 1pdpj.exe 1228 pdppp.exe 1568 1xxffrl.exe 1548 nnhnbt.exe 2464 jdvpp.exe 1128 pdpvv.exe 2704 rlrxlxl.exe 2224 hhbntt.exe 2208 vdvjv.exe 2344 7vpvv.exe 1576 9frxrff.exe 2312 ntbhbh.exe -
resource yara_rule behavioral1/memory/2000-0-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2000-7-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1896-11-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-26-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2516-28-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2520-47-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2520-38-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2516-37-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2384-61-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2088-59-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2436-79-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3012-94-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2244-103-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1664-113-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1528-132-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2112-131-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1644-150-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2100-149-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1644-159-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/840-160-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/840-168-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2704-171-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3048-188-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1576-204-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/712-225-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1488-243-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/936-250-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/936-258-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/772-268-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2716-269-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2716-277-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1944-294-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2184-303-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2456-335-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2372-370-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1188-401-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2348-414-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1580-434-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1580-441-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1568-456-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2704-476-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2208-489-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2312-508-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3056-515-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3056-522-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2268-597-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1856-604-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2368-654-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2372-667-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2392-687-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/540-745-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1912-770-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1796-839-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1964-854-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2292-889-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2576-920-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2500-934-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2532-959-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1280-978-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2608-985-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2432-993-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2000 wrote to memory of 1896 2000 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 28 PID 2000 wrote to memory of 1896 2000 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 28 PID 2000 wrote to memory of 1896 2000 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 28 PID 2000 wrote to memory of 1896 2000 67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe 28 PID 1896 wrote to memory of 2456 1896 btnhbt.exe 29 PID 1896 wrote to memory of 2456 1896 btnhbt.exe 29 PID 1896 wrote to memory of 2456 1896 btnhbt.exe 29 PID 1896 wrote to memory of 2456 1896 btnhbt.exe 29 PID 2456 wrote to memory of 2516 2456 vvvdj.exe 30 PID 2456 wrote to memory of 2516 2456 vvvdj.exe 30 PID 2456 wrote to memory of 2516 2456 vvvdj.exe 30 PID 2456 wrote to memory of 2516 2456 vvvdj.exe 30 PID 2516 wrote to memory of 2520 2516 hhnntb.exe 31 PID 2516 wrote to memory of 2520 2516 hhnntb.exe 31 PID 2516 wrote to memory of 2520 2516 hhnntb.exe 31 PID 2516 wrote to memory of 2520 2516 hhnntb.exe 31 PID 2520 wrote to memory of 2088 2520 ddvjp.exe 32 PID 2520 wrote to memory of 2088 2520 ddvjp.exe 32 PID 2520 wrote to memory of 2088 2520 ddvjp.exe 32 PID 2520 wrote to memory of 2088 2520 ddvjp.exe 32 PID 2088 wrote to memory of 2384 2088 9fxlxrr.exe 33 PID 2088 wrote to memory of 2384 2088 9fxlxrr.exe 33 PID 2088 wrote to memory of 2384 2088 9fxlxrr.exe 33 PID 2088 wrote to memory of 2384 2088 9fxlxrr.exe 33 PID 2384 wrote to memory of 2360 2384 jjddp.exe 34 PID 2384 wrote to memory of 2360 2384 jjddp.exe 34 PID 2384 wrote to memory of 2360 2384 jjddp.exe 34 PID 2384 wrote to memory of 2360 2384 jjddp.exe 34 PID 2360 wrote to memory of 2436 2360 xlflflx.exe 35 PID 2360 wrote to memory of 2436 2360 xlflflx.exe 35 PID 2360 wrote to memory of 2436 2360 xlflflx.exe 35 PID 2360 wrote to memory of 2436 2360 xlflflx.exe 35 PID 2436 wrote to memory of 3012 2436 bttbtb.exe 36 PID 2436 wrote to memory of 3012 2436 bttbtb.exe 36 PID 2436 wrote to memory of 3012 
2436 bttbtb.exe 36 PID 2436 wrote to memory of 3012 2436 bttbtb.exe 36 PID 3012 wrote to memory of 2244 3012 jdvdp.exe 37 PID 3012 wrote to memory of 2244 3012 jdvdp.exe 37 PID 3012 wrote to memory of 2244 3012 jdvdp.exe 37 PID 3012 wrote to memory of 2244 3012 jdvdp.exe 37 PID 2244 wrote to memory of 1664 2244 rffrxlf.exe 38 PID 2244 wrote to memory of 1664 2244 rffrxlf.exe 38 PID 2244 wrote to memory of 1664 2244 rffrxlf.exe 38 PID 2244 wrote to memory of 1664 2244 rffrxlf.exe 38 PID 1664 wrote to memory of 2656 1664 5jdjp.exe 39 PID 1664 wrote to memory of 2656 1664 5jdjp.exe 39 PID 1664 wrote to memory of 2656 1664 5jdjp.exe 39 PID 1664 wrote to memory of 2656 1664 5jdjp.exe 39 PID 2656 wrote to memory of 2112 2656 rrrxllf.exe 40 PID 2656 wrote to memory of 2112 2656 rrrxllf.exe 40 PID 2656 wrote to memory of 2112 2656 rrrxllf.exe 40 PID 2656 wrote to memory of 2112 2656 rrrxllf.exe 40 PID 2112 wrote to memory of 1528 2112 tnhhtb.exe 41 PID 2112 wrote to memory of 1528 2112 tnhhtb.exe 41 PID 2112 wrote to memory of 1528 2112 tnhhtb.exe 41 PID 2112 wrote to memory of 1528 2112 tnhhtb.exe 41 PID 1528 wrote to memory of 2100 1528 ddvvp.exe 42 PID 1528 wrote to memory of 2100 1528 ddvvp.exe 42 PID 1528 wrote to memory of 2100 1528 ddvvp.exe 42 PID 1528 wrote to memory of 2100 1528 ddvvp.exe 42 PID 2100 wrote to memory of 1644 2100 flfxlrr.exe 43 PID 2100 wrote to memory of 1644 2100 flfxlrr.exe 43 PID 2100 wrote to memory of 1644 2100 flfxlrr.exe 43 PID 2100 wrote to memory of 1644 2100 flfxlrr.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\67d6f69a040c9096573aba3748954a90_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2000 -
\??\c:\btnhbt.exec:\btnhbt.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1896 -
\??\c:\vvvdj.exec:\vvvdj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\hhnntb.exec:\hhnntb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\ddvjp.exec:\ddvjp.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520 -
\??\c:\9fxlxrr.exec:\9fxlxrr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2088 -
\??\c:\jjddp.exec:\jjddp.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\xlflflx.exec:\xlflflx.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\bttbtb.exec:\bttbtb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\jdvdp.exec:\jdvdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3012 -
\??\c:\rffrxlf.exec:\rffrxlf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2244 -
\??\c:\5jdjp.exec:\5jdjp.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1664 -
\??\c:\rrrxllf.exec:\rrrxllf.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2656 -
\??\c:\tnhhtb.exec:\tnhhtb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2112 -
\??\c:\ddvvp.exec:\ddvvp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1528 -
\??\c:\flfxlrr.exec:\flfxlrr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2100 -
\??\c:\vjjpp.exec:\vjjpp.exe17⤵
- Executes dropped EXE
PID:1644 -
\??\c:\frlxlrx.exec:\frlxlrx.exe18⤵
- Executes dropped EXE
PID:840 -
\??\c:\tbhnbb.exec:\tbhnbb.exe19⤵
- Executes dropped EXE
PID:2704 -
\??\c:\vjppp.exec:\vjppp.exe20⤵
- Executes dropped EXE
PID:1912 -
\??\c:\rlxlxxf.exec:\rlxlxxf.exe21⤵
- Executes dropped EXE
PID:3048 -
\??\c:\tnbhtb.exec:\tnbhtb.exe22⤵
- Executes dropped EXE
PID:1576 -
\??\c:\vpjpd.exec:\vpjpd.exe23⤵
- Executes dropped EXE
PID:2596 -
\??\c:\lxflrrf.exec:\lxflrrf.exe24⤵
- Executes dropped EXE
PID:1456 -
\??\c:\dvjpd.exec:\dvjpd.exe25⤵
- Executes dropped EXE
PID:712 -
\??\c:\rlxflrf.exec:\rlxflrf.exe26⤵
- Executes dropped EXE
PID:496 -
\??\c:\bttttt.exec:\bttttt.exe27⤵
- Executes dropped EXE
PID:1488 -
\??\c:\vjdjv.exec:\vjdjv.exe28⤵
- Executes dropped EXE
PID:936 -
\??\c:\xlxrlxx.exec:\xlxrlxx.exe29⤵
- Executes dropped EXE
PID:772 -
\??\c:\hnnhtb.exec:\hnnhtb.exe30⤵
- Executes dropped EXE
PID:2716 -
\??\c:\vpjpd.exec:\vpjpd.exe31⤵
- Executes dropped EXE
PID:1740 -
\??\c:\7xrfrfx.exec:\7xrfrfx.exe32⤵
- Executes dropped EXE
PID:1944 -
\??\c:\3bnbht.exec:\3bnbht.exe33⤵
- Executes dropped EXE
PID:2184 -
\??\c:\7fxlxxl.exec:\7fxlxxl.exe34⤵
- Executes dropped EXE
PID:1864 -
\??\c:\bththn.exec:\bththn.exe35⤵
- Executes dropped EXE
PID:2000 -
\??\c:\vvpdp.exec:\vvpdp.exe36⤵
- Executes dropped EXE
PID:1508 -
\??\c:\rlxxrlf.exec:\rlxxrlf.exe37⤵
- Executes dropped EXE
PID:1732 -
\??\c:\ttbbhh.exec:\ttbbhh.exe38⤵
- Executes dropped EXE
PID:2824 -
\??\c:\pjdpv.exec:\pjdpv.exe39⤵
- Executes dropped EXE
PID:2456 -
\??\c:\jjdjd.exec:\jjdjd.exe40⤵
- Executes dropped EXE
PID:2724 -
\??\c:\5rlxlxl.exec:\5rlxlxl.exe41⤵
- Executes dropped EXE
PID:2524 -
\??\c:\tttnnt.exec:\tttnnt.exe42⤵
- Executes dropped EXE
PID:2588 -
\??\c:\jdddj.exec:\jdddj.exe43⤵
- Executes dropped EXE
PID:2388 -
\??\c:\frlrxlr.exec:\frlrxlr.exe44⤵
- Executes dropped EXE
PID:2372 -
\??\c:\ttntbh.exec:\ttntbh.exe45⤵
- Executes dropped EXE
PID:2488 -
\??\c:\vdddp.exec:\vdddp.exe46⤵
- Executes dropped EXE
PID:2392 -
\??\c:\pjdvj.exec:\pjdvj.exe47⤵
- Executes dropped EXE
PID:2336 -
\??\c:\xlxxflf.exec:\xlxxflf.exe48⤵
- Executes dropped EXE
PID:1188 -
\??\c:\1thnhh.exec:\1thnhh.exe49⤵
- Executes dropped EXE
PID:864 -
\??\c:\nbnntb.exec:\nbnntb.exe50⤵
- Executes dropped EXE
PID:2348 -
\??\c:\1pdpj.exec:\1pdpj.exe51⤵
- Executes dropped EXE
PID:2672 -
\??\c:\lfxxxrr.exec:\lfxxxrr.exe52⤵
- Executes dropped EXE
PID:2660 -
\??\c:\3nhbhb.exec:\3nhbhb.exe53⤵
- Executes dropped EXE
PID:2144 -
\??\c:\1pdpj.exec:\1pdpj.exe54⤵
- Executes dropped EXE
PID:1580 -
\??\c:\pdppp.exec:\pdppp.exe55⤵
- Executes dropped EXE
PID:1228 -
\??\c:\1xxffrl.exec:\1xxffrl.exe56⤵
- Executes dropped EXE
PID:1568 -
\??\c:\nnhnbt.exec:\nnhnbt.exe57⤵
- Executes dropped EXE
PID:1548 -
\??\c:\jdvpp.exec:\jdvpp.exe58⤵
- Executes dropped EXE
PID:2464 -
\??\c:\pdpvv.exec:\pdpvv.exe59⤵
- Executes dropped EXE
PID:1128 -
\??\c:\rlrxlxl.exec:\rlrxlxl.exe60⤵
- Executes dropped EXE
PID:2704 -
\??\c:\hhbntt.exec:\hhbntt.exe61⤵
- Executes dropped EXE
PID:2224 -
\??\c:\vdvjv.exec:\vdvjv.exe62⤵
- Executes dropped EXE
PID:2208 -
\??\c:\7vpvv.exec:\7vpvv.exe63⤵
- Executes dropped EXE
PID:2344 -
\??\c:\9frxrff.exec:\9frxrff.exe64⤵
- Executes dropped EXE
PID:1576 -
\??\c:\ntbhbh.exec:\ntbhbh.exe65⤵
- Executes dropped EXE
PID:2312 -
\??\c:\5htbbb.exec:\5htbbb.exe66⤵PID:3056
-
\??\c:\5jppj.exec:\5jppj.exe67⤵PID:2880
-
\??\c:\fxxlfll.exec:\fxxlfll.exe68⤵PID:2300
-
\??\c:\7ffxxfx.exec:\7ffxxfx.exe69⤵PID:880
-
\??\c:\hbnhbt.exec:\hbnhbt.exe70⤵PID:1488
-
\??\c:\7dvjp.exec:\7dvjp.exe71⤵PID:2744
-
\??\c:\lrrlxrx.exec:\lrrlxrx.exe72⤵PID:960
-
\??\c:\lxrflll.exec:\lxrflll.exe73⤵PID:772
-
\??\c:\nbhnnt.exec:\nbhnnt.exe74⤵PID:2004
-
\??\c:\vvjjv.exec:\vvjjv.exe75⤵PID:1940
-
\??\c:\pvvvj.exec:\pvvvj.exe76⤵PID:2692
-
\??\c:\lxrrxlr.exec:\lxrrxlr.exe77⤵PID:992
-
\??\c:\hnthbt.exec:\hnthbt.exe78⤵PID:916
-
\??\c:\nhtbnn.exec:\nhtbnn.exe79⤵PID:2268
-
\??\c:\pvjjp.exec:\pvjjp.exe80⤵PID:1856
-
\??\c:\9xlflfr.exec:\9xlflfr.exe81⤵PID:2936
-
\??\c:\lfrxrrx.exec:\lfrxrrx.exe82⤵PID:2872
-
\??\c:\bbntnh.exec:\bbntnh.exe83⤵PID:2580
-
\??\c:\htbnnt.exec:\htbnnt.exe84⤵PID:2508
-
\??\c:\pvpdd.exec:\pvpdd.exe85⤵PID:2568
-
\??\c:\3rrxflx.exec:\3rrxflx.exe86⤵PID:2624
-
\??\c:\rxxfxfx.exec:\rxxfxfx.exe87⤵PID:2096
-
\??\c:\btbbnh.exec:\btbbnh.exe88⤵PID:2368
-
\??\c:\pjvvp.exec:\pjvvp.exe89⤵PID:2380
-
\??\c:\rlfrflf.exec:\rlfrflf.exe90⤵PID:2372
-
\??\c:\frfflxl.exec:\frfflxl.exe91⤵PID:2436
-
\??\c:\nbtntn.exec:\nbtntn.exe92⤵PID:2392
-
\??\c:\ppvdp.exec:\ppvdp.exe93⤵PID:2816
-
\??\c:\pddvp.exec:\pddvp.exe94⤵PID:1248
-
\??\c:\1rflrfl.exec:\1rflrfl.exe95⤵PID:2592
-
\??\c:\rlxllff.exec:\rlxllff.exe96⤵PID:1632
-
\??\c:\bntntt.exec:\bntntt.exe97⤵PID:2148
-
\??\c:\ppjpp.exec:\ppjpp.exe98⤵PID:2660
-
\??\c:\dddvj.exec:\dddvj.exe99⤵PID:1324
-
\??\c:\rrlxrxx.exec:\rrlxrxx.exe100⤵PID:1792
-
\??\c:\nnhtbh.exec:\nnhtbh.exe101⤵PID:1584
-
\??\c:\tnbbtb.exec:\tnbbtb.exe102⤵PID:540
-
\??\c:\jpvvj.exec:\jpvvj.exe103⤵PID:1548
-
\??\c:\rlflfrl.exec:\rlflfrl.exe104⤵PID:1840
-
\??\c:\fxrxffx.exec:\fxrxffx.exe105⤵PID:1948
-
\??\c:\nhhnbn.exec:\nhhnbn.exe106⤵PID:1912
-
\??\c:\9hbntt.exec:\9hbntt.exe107⤵PID:2460
-
\??\c:\9pdpp.exec:\9pdpp.exe108⤵PID:2340
-
\??\c:\xlxxffl.exec:\xlxxffl.exe109⤵PID:640
-
\??\c:\rrrxrxl.exec:\rrrxrxl.exe110⤵PID:1480
-
\??\c:\ttttht.exec:\ttttht.exe111⤵PID:1444
-
\??\c:\hbnbnt.exec:\hbnbnt.exe112⤵PID:2752
-
\??\c:\ppddd.exec:\ppddd.exe113⤵PID:1108
-
\??\c:\9xrrrxr.exec:\9xrrrxr.exe114⤵PID:1888
-
\??\c:\7fxffrr.exec:\7fxffrr.exe115⤵PID:1604
-
\??\c:\nnhhbh.exec:\nnhhbh.exe116⤵PID:768
-
\??\c:\pvvdv.exec:\pvvdv.exe117⤵PID:1796
-
\??\c:\vpddv.exec:\vpddv.exe118⤵PID:2060
-
\??\c:\rxrfrrx.exec:\rxrfrrx.exe119⤵PID:1964
-
\??\c:\ttbhtn.exec:\ttbhtn.exe120⤵PID:2232
-
\??\c:\vvpjp.exec:\vvpjp.exe121⤵PID:1940
-
\??\c:\vvvpd.exec:\vvvpd.exe122⤵PID:2692
-