Analysis
-
max time kernel
151s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
18/05/2024, 01:21
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe
-
Size
473KB
-
MD5
69a4746e4483f64c102f1531ddd50800
-
SHA1
e2da8274041c61cf4a3d5128bf0073af6aa60417
-
SHA256
e8d6ce5e804341cd88f88bba798d64bbbb74cfd2663291bbdd223c92a6edc630
-
SHA512
2ca96815c9d2103be8989f78b04ce4ed99f3106bfa5d64e551ac78f8dea1d45ea1b7a09828d1f4c32d2236ba21c2c66c362fcbd20ae66e8b755b8ae35b5411cc
-
SSDEEP
6144:lcm7ImGddXmNt251UriZFwT+aZKl7pg1xBo:H7Tc2NYHUrAwT+OKLSjo
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral1/memory/2432-12-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2212-9-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2432-22-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2432-19-0x0000000000220000-0x00000000002E4000-memory.dmp family_blackmoon behavioral1/memory/2944-33-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2944-29-0x0000000000330000-0x00000000003F4000-memory.dmp family_blackmoon behavioral1/memory/2584-36-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2584-43-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2484-44-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2484-52-0x0000000001E00000-0x0000000001EC4000-memory.dmp family_blackmoon behavioral1/memory/2704-57-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2484-54-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2568-65-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2704-63-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2360-75-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2568-73-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2360-82-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1124-87-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2360-85-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2360-84-0x0000000001E50000-0x0000000001F14000-memory.dmp family_blackmoon behavioral1/memory/1124-96-0x0000000000220000-0x00000000002E4000-memory.dmp family_blackmoon 
behavioral1/memory/1124-97-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1124-95-0x0000000000220000-0x00000000002E4000-memory.dmp family_blackmoon behavioral1/memory/1508-110-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1876-109-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1508-114-0x0000000001DB0000-0x0000000001E74000-memory.dmp family_blackmoon behavioral1/memory/1508-120-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2764-121-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2764-128-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2764-129-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1856-138-0x0000000000220000-0x00000000002E4000-memory.dmp family_blackmoon behavioral1/memory/1856-139-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2032-144-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1856-143-0x0000000000220000-0x00000000002E4000-memory.dmp family_blackmoon behavioral1/memory/824-152-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2032-150-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2032-149-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1824-162-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/824-161-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1824-171-0x0000000001D90000-0x0000000001E54000-memory.dmp family_blackmoon behavioral1/memory/1644-174-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1824-173-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral1/memory/916-184-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1644-183-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/916-192-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2052-196-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2052-202-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/476-208-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2052-203-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/476-215-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/476-213-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/372-225-0x0000000001D20000-0x0000000001DE4000-memory.dmp family_blackmoon behavioral1/memory/2844-229-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/372-227-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/2844-236-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1308-238-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1308-247-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/964-256-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/964-255-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1784-258-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1784-266-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/1988-271-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon behavioral1/memory/552-279-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon 
behavioral1/memory/1988-278-0x0000000000400000-0x00000000004C4000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2432 xrpjd.exe 2944 rtxxd.exe 2584 vjftnh.exe 2484 lxdxt.exe 2704 vvvvdfb.exe 2568 dlxfrj.exe 2360 btntdb.exe 1124 tvfhphn.exe 1876 lbdhjb.exe 1508 ptvdtff.exe 2764 rfjnptv.exe 1856 hphdl.exe 2032 hdjxvd.exe 824 dhdbddh.exe 1824 xnvlhpl.exe 1644 rnvtp.exe 916 fxfrtp.exe 2052 fhxxt.exe 476 dfvvnd.exe 372 vdnph.exe 2844 vbxlxjn.exe 1308 npfvb.exe 964 rdxrh.exe 1784 xvlfh.exe 1988 tbhfjr.exe 552 hvtxnpx.exe 1940 vpbhlxj.exe 2772 tnhxp.exe 2232 dfldn.exe 2112 bpvtd.exe 1596 tlbnjnd.exe 2916 dpvjp.exe 2580 thldrl.exe 2544 hxfxrvj.exe 2456 dbjnxtf.exe 2660 xxnbfht.exe 2664 hhrvbnt.exe 2776 vpdlhvl.exe 2616 tvndb.exe 1476 hphtfb.exe 1100 ltnjv.exe 2448 xjnbrrj.exe 2656 lntfhjd.exe 1864 dvhvp.exe 2040 jtxfnd.exe 2308 htxdftt.exe 1460 jlvfbr.exe 1132 drxjfh.exe 488 pjxjp.exe 1428 rrtrv.exe 1192 ttttvxl.exe 880 vtprd.exe 932 bfphvrl.exe 1948 vrhlrhd.exe 1204 fplffp.exe 2144 vpbjdjh.exe 2284 pbhrr.exe 476 vfjxtd.exe 2860 ptdrft.exe 560 lhpbp.exe 2148 fhxbl.exe 668 pdthlnx.exe 2004 xxppj.exe 1612 nvthtlb.exe -
resource yara_rule behavioral1/memory/2212-0-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2432-12-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2212-9-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2432-22-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2432-19-0x0000000000220000-0x00000000002E4000-memory.dmp upx behavioral1/memory/2944-33-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2584-36-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2584-43-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2484-52-0x0000000001E00000-0x0000000001EC4000-memory.dmp upx behavioral1/memory/2704-57-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2484-54-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2568-65-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2704-63-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2360-75-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2568-73-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2360-85-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2360-84-0x0000000001E50000-0x0000000001F14000-memory.dmp upx behavioral1/memory/1124-97-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1876-99-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1876-109-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1508-120-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2764-121-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2764-129-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1856-139-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral1/memory/2032-144-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/824-152-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2032-150-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2032-149-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1824-162-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/824-161-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1644-174-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1824-173-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/916-184-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1644-183-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/916-192-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2052-196-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/476-208-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2052-203-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/476-215-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2844-229-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/372-227-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2844-236-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1308-238-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1308-247-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/964-248-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/964-256-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/964-255-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1784-258-0x0000000000400000-0x00000000004C4000-memory.dmp upx 
behavioral1/memory/1784-266-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1988-271-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/552-279-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1988-278-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1940-292-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/552-287-0x00000000004D0000-0x0000000000594000-memory.dmp upx behavioral1/memory/552-289-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1940-299-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1940-298-0x0000000000320000-0x00000000003E4000-memory.dmp upx behavioral1/memory/2772-311-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2232-313-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2112-323-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/1596-333-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2580-352-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2916-350-0x0000000000400000-0x00000000004C4000-memory.dmp upx behavioral1/memory/2916-342-0x0000000000400000-0x00000000004C4000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2212 wrote to memory of 2432 2212 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 28 PID 2212 wrote to memory of 2432 2212 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 28 PID 2212 wrote to memory of 2432 2212 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 28 PID 2212 wrote to memory of 2432 2212 69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe 28 PID 2432 wrote to memory of 2944 2432 xrpjd.exe 29 PID 2432 wrote to memory of 2944 2432 xrpjd.exe 29 PID 2432 wrote to memory of 2944 2432 xrpjd.exe 29 PID 2432 wrote to memory of 2944 2432 xrpjd.exe 29 PID 2944 wrote to memory of 2584 2944 rtxxd.exe 30 PID 2944 wrote to memory of 2584 2944 rtxxd.exe 30 PID 2944 wrote to memory of 2584 2944 rtxxd.exe 30 PID 2944 wrote to memory of 2584 2944 rtxxd.exe 30 PID 2584 wrote to memory of 2484 2584 vjftnh.exe 31 PID 2584 wrote to memory of 2484 2584 vjftnh.exe 31 PID 2584 wrote to memory of 2484 2584 vjftnh.exe 31 PID 2584 wrote to memory of 2484 2584 vjftnh.exe 31 PID 2484 wrote to memory of 2704 2484 lxdxt.exe 32 PID 2484 wrote to memory of 2704 2484 lxdxt.exe 32 PID 2484 wrote to memory of 2704 2484 lxdxt.exe 32 PID 2484 wrote to memory of 2704 2484 lxdxt.exe 32 PID 2704 wrote to memory of 2568 2704 vvvvdfb.exe 33 PID 2704 wrote to memory of 2568 2704 vvvvdfb.exe 33 PID 2704 wrote to memory of 2568 2704 vvvvdfb.exe 33 PID 2704 wrote to memory of 2568 2704 vvvvdfb.exe 33 PID 2568 wrote to memory of 2360 2568 dlxfrj.exe 34 PID 2568 wrote to memory of 2360 2568 dlxfrj.exe 34 PID 2568 wrote to memory of 2360 2568 dlxfrj.exe 34 PID 2568 wrote to memory of 2360 2568 dlxfrj.exe 34 PID 2360 wrote to memory of 1124 2360 btntdb.exe 35 PID 2360 wrote to memory of 1124 2360 btntdb.exe 35 PID 2360 wrote to memory of 1124 2360 btntdb.exe 35 PID 2360 wrote to memory of 1124 2360 btntdb.exe 35 PID 1124 wrote to memory of 1876 1124 tvfhphn.exe 36 PID 1124 wrote to memory of 1876 1124 tvfhphn.exe 36 PID 1124 wrote to memory of 1876 
1124 tvfhphn.exe 36 PID 1124 wrote to memory of 1876 1124 tvfhphn.exe 36 PID 1876 wrote to memory of 1508 1876 lbdhjb.exe 37 PID 1876 wrote to memory of 1508 1876 lbdhjb.exe 37 PID 1876 wrote to memory of 1508 1876 lbdhjb.exe 37 PID 1876 wrote to memory of 1508 1876 lbdhjb.exe 37 PID 1508 wrote to memory of 2764 1508 ptvdtff.exe 38 PID 1508 wrote to memory of 2764 1508 ptvdtff.exe 38 PID 1508 wrote to memory of 2764 1508 ptvdtff.exe 38 PID 1508 wrote to memory of 2764 1508 ptvdtff.exe 38 PID 2764 wrote to memory of 1856 2764 rfjnptv.exe 39 PID 2764 wrote to memory of 1856 2764 rfjnptv.exe 39 PID 2764 wrote to memory of 1856 2764 rfjnptv.exe 39 PID 2764 wrote to memory of 1856 2764 rfjnptv.exe 39 PID 1856 wrote to memory of 2032 1856 hphdl.exe 40 PID 1856 wrote to memory of 2032 1856 hphdl.exe 40 PID 1856 wrote to memory of 2032 1856 hphdl.exe 40 PID 1856 wrote to memory of 2032 1856 hphdl.exe 40 PID 2032 wrote to memory of 824 2032 hdjxvd.exe 41 PID 2032 wrote to memory of 824 2032 hdjxvd.exe 41 PID 2032 wrote to memory of 824 2032 hdjxvd.exe 41 PID 2032 wrote to memory of 824 2032 hdjxvd.exe 41 PID 824 wrote to memory of 1824 824 dhdbddh.exe 42 PID 824 wrote to memory of 1824 824 dhdbddh.exe 42 PID 824 wrote to memory of 1824 824 dhdbddh.exe 42 PID 824 wrote to memory of 1824 824 dhdbddh.exe 42 PID 1824 wrote to memory of 1644 1824 xnvlhpl.exe 43 PID 1824 wrote to memory of 1644 1824 xnvlhpl.exe 43 PID 1824 wrote to memory of 1644 1824 xnvlhpl.exe 43 PID 1824 wrote to memory of 1644 1824 xnvlhpl.exe 43
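Processes (each entry: image path, command line, nesting level in the process tree; every process listed is the child of the one above it)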
-
C:\Users\Admin\AppData\Local\Temp\69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe  "C:\Users\Admin\AppData\Local\Temp\69a4746e4483f64c102f1531ddd50800_NeikiAnalytics.exe"  1⤵
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\xrpjd.exe  c:\xrpjd.exe  2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2432 -
\??\c:\rtxxd.exec:\rtxxd.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2944 -
\??\c:\vjftnh.exec:\vjftnh.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\lxdxt.exec:\lxdxt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2484 -
\??\c:\vvvvdfb.exec:\vvvvdfb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\dlxfrj.exec:\dlxfrj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\btntdb.exec:\btntdb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\tvfhphn.exec:\tvfhphn.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1124 -
\??\c:\lbdhjb.exec:\lbdhjb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1876 -
\??\c:\ptvdtff.exec:\ptvdtff.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1508 -
\??\c:\rfjnptv.exec:\rfjnptv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
\??\c:\hphdl.exec:\hphdl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1856 -
\??\c:\hdjxvd.exec:\hdjxvd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2032 -
\??\c:\dhdbddh.exec:\dhdbddh.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:824 -
\??\c:\xnvlhpl.exec:\xnvlhpl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1824 -
\??\c:\rnvtp.exec:\rnvtp.exe17⤵
- Executes dropped EXE
PID:1644 -
\??\c:\fxfrtp.exec:\fxfrtp.exe18⤵
- Executes dropped EXE
PID:916 -
\??\c:\fhxxt.exec:\fhxxt.exe19⤵
- Executes dropped EXE
PID:2052 -
\??\c:\dfvvnd.exec:\dfvvnd.exe20⤵
- Executes dropped EXE
PID:476 -
\??\c:\vdnph.exec:\vdnph.exe21⤵
- Executes dropped EXE
PID:372 -
\??\c:\vbxlxjn.exec:\vbxlxjn.exe22⤵
- Executes dropped EXE
PID:2844 -
\??\c:\npfvb.exec:\npfvb.exe23⤵
- Executes dropped EXE
PID:1308 -
\??\c:\rdxrh.exec:\rdxrh.exe24⤵
- Executes dropped EXE
PID:964 -
\??\c:\xvlfh.exec:\xvlfh.exe25⤵
- Executes dropped EXE
PID:1784 -
\??\c:\tbhfjr.exec:\tbhfjr.exe26⤵
- Executes dropped EXE
PID:1988 -
\??\c:\hvtxnpx.exec:\hvtxnpx.exe27⤵
- Executes dropped EXE
PID:552 -
\??\c:\vpbhlxj.exec:\vpbhlxj.exe28⤵
- Executes dropped EXE
PID:1940 -
\??\c:\tnhxp.exec:\tnhxp.exe29⤵
- Executes dropped EXE
PID:2772 -
\??\c:\dfldn.exec:\dfldn.exe30⤵
- Executes dropped EXE
PID:2232 -
\??\c:\bpvtd.exec:\bpvtd.exe31⤵
- Executes dropped EXE
PID:2112 -
\??\c:\tlbnjnd.exec:\tlbnjnd.exe32⤵
- Executes dropped EXE
PID:1596 -
\??\c:\dpvjp.exec:\dpvjp.exe33⤵
- Executes dropped EXE
PID:2916 -
\??\c:\thldrl.exec:\thldrl.exe34⤵
- Executes dropped EXE
PID:2580 -
\??\c:\hxfxrvj.exec:\hxfxrvj.exe35⤵
- Executes dropped EXE
PID:2544 -
\??\c:\dbjnxtf.exec:\dbjnxtf.exe36⤵
- Executes dropped EXE
PID:2456 -
\??\c:\xxnbfht.exec:\xxnbfht.exe37⤵
- Executes dropped EXE
PID:2660 -
\??\c:\hhrvbnt.exec:\hhrvbnt.exe38⤵
- Executes dropped EXE
PID:2664 -
\??\c:\vpdlhvl.exec:\vpdlhvl.exe39⤵
- Executes dropped EXE
PID:2776 -
\??\c:\tvndb.exec:\tvndb.exe40⤵
- Executes dropped EXE
PID:2616 -
\??\c:\hphtfb.exec:\hphtfb.exe41⤵
- Executes dropped EXE
PID:1476 -
\??\c:\ltnjv.exec:\ltnjv.exe42⤵
- Executes dropped EXE
PID:1100 -
\??\c:\xjnbrrj.exec:\xjnbrrj.exe43⤵
- Executes dropped EXE
PID:2448 -
\??\c:\lntfhjd.exec:\lntfhjd.exe44⤵
- Executes dropped EXE
PID:2656 -
\??\c:\dvhvp.exec:\dvhvp.exe45⤵
- Executes dropped EXE
PID:1864 -
\??\c:\jtxfnd.exec:\jtxfnd.exe46⤵
- Executes dropped EXE
PID:2040 -
\??\c:\htxdftt.exec:\htxdftt.exe47⤵
- Executes dropped EXE
PID:2308 -
\??\c:\jlvfbr.exec:\jlvfbr.exe48⤵
- Executes dropped EXE
PID:1460 -
\??\c:\drxjfh.exec:\drxjfh.exe49⤵
- Executes dropped EXE
PID:1132 -
\??\c:\pjxjp.exec:\pjxjp.exe50⤵
- Executes dropped EXE
PID:488 -
\??\c:\rrtrv.exec:\rrtrv.exe51⤵
- Executes dropped EXE
PID:1428 -
\??\c:\ttttvxl.exec:\ttttvxl.exe52⤵
- Executes dropped EXE
PID:1192 -
\??\c:\vtprd.exec:\vtprd.exe53⤵
- Executes dropped EXE
PID:880 -
\??\c:\bfphvrl.exec:\bfphvrl.exe54⤵
- Executes dropped EXE
PID:932 -
\??\c:\vrhlrhd.exec:\vrhlrhd.exe55⤵
- Executes dropped EXE
PID:1948 -
\??\c:\fplffp.exec:\fplffp.exe56⤵
- Executes dropped EXE
PID:1204 -
\??\c:\vpbjdjh.exec:\vpbjdjh.exe57⤵
- Executes dropped EXE
PID:2144 -
\??\c:\pbhrr.exec:\pbhrr.exe58⤵
- Executes dropped EXE
PID:2284 -
\??\c:\vfjxtd.exec:\vfjxtd.exe59⤵
- Executes dropped EXE
PID:476 -
\??\c:\ptdrft.exec:\ptdrft.exe60⤵
- Executes dropped EXE
PID:2860 -
\??\c:\lhpbp.exec:\lhpbp.exe61⤵
- Executes dropped EXE
PID:560 -
\??\c:\fhxbl.exec:\fhxbl.exe62⤵
- Executes dropped EXE
PID:2148 -
\??\c:\pdthlnx.exec:\pdthlnx.exe63⤵
- Executes dropped EXE
PID:668 -
\??\c:\xxppj.exec:\xxppj.exe64⤵
- Executes dropped EXE
PID:2004 -
\??\c:\nvthtlb.exec:\nvthtlb.exe65⤵
- Executes dropped EXE
PID:1612 -
\??\c:\jtfhx.exec:\jtfhx.exe66⤵PID:1780
-
\??\c:\fnpphr.exec:\fnpphr.exe67⤵PID:2252
-
\??\c:\xxpttdp.exec:\xxpttdp.exe68⤵PID:888
-
\??\c:\vxpttd.exec:\vxpttd.exe69⤵PID:1520
-
\??\c:\vxfflx.exec:\vxfflx.exe70⤵PID:552
-
\??\c:\dnttd.exec:\dnttd.exe71⤵PID:2296
-
\??\c:\lhnvl.exec:\lhnvl.exe72⤵PID:2348
-
\??\c:\hjlfj.exec:\hjlfj.exe73⤵PID:860
-
\??\c:\jxxpxx.exec:\jxxpxx.exe74⤵PID:2280
-
\??\c:\vrhvlvr.exec:\vrhvlvr.exe75⤵PID:1588
-
\??\c:\bpxtlxj.exec:\bpxtlxj.exe76⤵PID:2200
-
\??\c:\tvvrr.exec:\tvvrr.exe77⤵PID:3024
-
\??\c:\xtprpn.exec:\xtprpn.exe78⤵PID:2552
-
\??\c:\vthlf.exec:\vthlf.exe79⤵PID:1944
-
\??\c:\thnfrr.exec:\thnfrr.exe80⤵PID:1692
-
\??\c:\ptphvrn.exec:\ptphvrn.exe81⤵PID:2612
-
\??\c:\vpttdx.exec:\vpttdx.exe82⤵PID:2604
-
\??\c:\xhhprvb.exec:\xhhprvb.exe83⤵PID:2160
-
\??\c:\hrdvl.exec:\hrdvl.exe84⤵PID:2456
-
\??\c:\prxnlv.exec:\prxnlv.exe85⤵PID:2576
-
\??\c:\lnnhfd.exec:\lnnhfd.exe86⤵PID:2568
-
\??\c:\rvtnt.exec:\rvtnt.exe87⤵PID:2364
-
\??\c:\phhnt.exec:\phhnt.exe88⤵PID:2784
-
\??\c:\xxvxh.exec:\xxvxh.exe89⤵PID:2616
-
\??\c:\dhrthj.exec:\dhrthj.exe90⤵PID:1124
-
\??\c:\bprtdbl.exec:\bprtdbl.exe91⤵PID:1760
-
\??\c:\fdhfvp.exec:\fdhfvp.exe92⤵PID:1700
-
\??\c:\rjxljn.exec:\rjxljn.exe93⤵PID:2448
-
\??\c:\nxdlv.exec:\nxdlv.exe94⤵PID:2692
-
\??\c:\xtltxpx.exec:\xtltxpx.exe95⤵PID:1672
-
\??\c:\hvnht.exec:\hvnht.exe96⤵PID:1652
-
\??\c:\rdfjtr.exec:\rdfjtr.exe97⤵PID:1452
-
\??\c:\drbhl.exec:\drbhl.exe98⤵PID:2152
-
\??\c:\djhrlh.exec:\djhrlh.exe99⤵PID:1816
-
\??\c:\rfjnttv.exec:\rfjnttv.exe100⤵PID:820
-
\??\c:\pjpxxf.exec:\pjpxxf.exe101⤵PID:2016
-
\??\c:\xpppft.exec:\xpppft.exe102⤵PID:1168
-
\??\c:\rxptrbh.exec:\rxptrbh.exe103⤵PID:2408
-
\??\c:\tvdnpt.exec:\tvdnpt.exe104⤵PID:936
-
\??\c:\pnjfp.exec:\pnjfp.exe105⤵PID:1344
-
\??\c:\flhxnhh.exec:\flhxnhh.exe106⤵PID:2276
-
\??\c:\vlljrf.exec:\vlljrf.exe107⤵PID:2728
-
\??\c:\xvpthbv.exec:\xvpthbv.exe108⤵PID:772
-
\??\c:\xjpbn.exec:\xjpbn.exe109⤵PID:2848
-
\??\c:\vxhxlx.exec:\vxhxlx.exe110⤵PID:2984
-
\??\c:\vnfbn.exec:\vnfbn.exe111⤵PID:3008
-
\??\c:\dpllhdp.exec:\dpllhdp.exe112⤵PID:3016
-
\??\c:\xrjvtnr.exec:\xrjvtnr.exe113⤵PID:2268
-
\??\c:\ntvlv.exec:\ntvlv.exe114⤵PID:1000
-
\??\c:\nxjdhxp.exec:\nxjdhxp.exe115⤵PID:1872
-
\??\c:\rvlrlvj.exec:\rvlrlvj.exe116⤵PID:964
-
\??\c:\lhjjj.exec:\lhjjj.exe117⤵PID:744
-
\??\c:\jdfjt.exec:\jdfjt.exe118⤵PID:748
-
\??\c:\jlvxf.exec:\jlvxf.exe119⤵PID:1536
-
\??\c:\ntdfjn.exec:\ntdfjn.exe120⤵PID:1484
-
\??\c:\frxdp.exec:\frxdp.exe121⤵PID:2124
-
\??\c:\lddnlrt.exec:\lddnlrt.exe122⤵PID:2316
-