Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:25
Behavioral task
behavioral1
Sample
6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe
-
Size
363KB
-
MD5
6a58833123f7831e8ed5c7cccecaca40
-
SHA1
414dc1c5eedabd5bf1a48df79ca4fffc1f93f8d3
-
SHA256
6a074ff0d9ef136ecf4db7cffb2a49d77f633d376f2e470bdaae6986b334c306
-
SHA512
fe949deb08d8383d73660e0f753367eccae889cdcf51d8476290355e7ef5d132f75b688afd5de16280c74b3dd411833e610bde42e9d122649e49c98b107843e2
-
SSDEEP
6144:9cm4FmowdHoSdSyEAxyx/ZrTTr4qIMgE8T:/4wFHoSQuxy3rTXIM18T
Malware Config
Signatures
-
Detect Blackmoon payload 41 IoCs
resource yara_rule behavioral1/memory/1704-1-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1740-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2416-19-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2052-37-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2840-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2308-56-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2748-61-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2748-67-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2668-76-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2516-79-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3032-94-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/352-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2708-113-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1236-131-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1636-149-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1632-147-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/852-174-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2872-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/984-193-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1488-203-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1080-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2036-271-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2292-289-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2804-335-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2544-374-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3032-393-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1456-464-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2012-484-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1872-536-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1620-588-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2788-614-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1820-774-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2692-1031-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1180-1045-0x00000000002A0000-0x00000000002C7000-memory.dmp family_blackmoon behavioral1/memory/2864-1157-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1608-1268-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/3004-1283-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/3004-1282-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/3004-1326-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2312-1358-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2924-1407-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1740 dvjpd.exe 2416 3rlrxff.exe 2052 vpjvj.exe 2840 bthbbb.exe 2308 pjvpv.exe 2748 9bnnbh.exe 2668 vvvvj.exe 2516 xfxlxfx.exe 3032 3thhtb.exe 352 fxlxrxf.exe 2708 hbnttb.exe 2868 1rrrfll.exe 1536 3nhthn.exe 1236 3vddd.exe 1632 9rllrrx.exe 1636 dvjjp.exe 2560 9pjvp.exe 852 btnthn.exe 2872 3dvdp.exe 984 fxllxxf.exe 1488 tnbhth.exe 1080 hbntbh.exe 2468 jdpvj.exe 2360 1xllrrf.exe 1548 ttntbb.exe 1872 5dpdj.exe 1292 lxllrlr.exe 1148 jjvjp.exe 2036 jdppv.exe 608 tnbhnn.exe 2292 dvppv.exe 308 hhtbnn.exe 1764 hbbhtb.exe 2584 1lllflr.exe 1744 btnthb.exe 2900 9pjdj.exe 2768 dpvpp.exe 2804 rlflxff.exe 2628 ttntnh.exe 2636 jdvvd.exe 2764 vdvpj.exe 3016 bntnnh.exe 2748 ppdjv.exe 2544 vvvdp.exe 2192 xrrxffl.exe 3012 tnbbnn.exe 3032 djdjd.exe 496 dvpdd.exe 2844 rlflflr.exe 1308 hhhntt.exe 1876 jjpjj.exe 1804 ffrfxrf.exe 288 bttnnb.exe 1640 vvpdv.exe 1528 rffflxx.exe 2432 3rrxflr.exe 2372 bhntbn.exe 1456 vvvdd.exe 1920 xxlrffr.exe 1028 nhhtht.exe 1484 5pjpj.exe 2012 jvpvp.exe 2336 1llrxfl.exe 1080 hnhbtt.exe -
resource yara_rule behavioral1/memory/1704-1-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000c000000012279-7.dat upx behavioral1/memory/1740-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1740-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2416-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0037000000015b72-18.dat upx behavioral1/files/0x0008000000015ca9-25.dat upx behavioral1/memory/2052-27-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2052-31-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/files/0x0008000000015cc2-34.dat upx behavioral1/memory/2840-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2052-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2840-46-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015cd8-47.dat upx behavioral1/files/0x0007000000015ce1-53.dat upx behavioral1/memory/2748-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2308-56-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2748-67-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015ced-66.dat upx behavioral1/files/0x0008000000016591-77.dat upx behavioral1/memory/2668-76-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2516-79-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000167e8-84.dat upx behavioral1/memory/3032-94-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016a3a-93.dat upx behavioral1/memory/352-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016c3a-104.dat upx behavioral1/memory/2708-113-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016c57-111.dat upx behavioral1/files/0x0006000000016c5b-121.dat 
upx behavioral1/files/0x0006000000016ca1-129.dat upx behavioral1/memory/1236-131-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016ccd-138.dat upx behavioral1/files/0x0006000000016cf2-145.dat upx behavioral1/memory/1636-149-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1632-147-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d01-156.dat upx behavioral1/files/0x0006000000016d10-163.dat upx behavioral1/memory/852-165-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0037000000015bb5-175.dat upx behavioral1/memory/852-174-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2872-177-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d19-186.dat upx behavioral1/memory/984-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d21-194.dat upx behavioral1/memory/1488-195-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/984-193-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1488-203-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d2d-204.dat upx behavioral1/memory/1080-206-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d36-213.dat upx behavioral1/files/0x0006000000016d3e-220.dat upx behavioral1/files/0x0006000000016d46-229.dat upx behavioral1/files/0x0006000000016d4f-237.dat upx behavioral1/memory/1872-238-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d57-246.dat upx behavioral1/files/0x0006000000016d5f-254.dat upx behavioral1/memory/1148-255-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016d73-263.dat upx behavioral1/files/0x0006000000016d79-272.dat upx behavioral1/memory/2036-271-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/files/0x0006000000016d7d-280.dat upx behavioral1/files/0x0006000000016fa9-288.dat upx behavioral1/memory/2292-289-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1704 wrote to memory of 1740 1704 6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe 28 PID 1704 wrote to memory of 1740 1704 6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe 28 PID 1704 wrote to memory of 1740 1704 6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe 28 PID 1704 wrote to memory of 1740 1704 6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe 28 PID 1740 wrote to memory of 2416 1740 dvjpd.exe 29 PID 1740 wrote to memory of 2416 1740 dvjpd.exe 29 PID 1740 wrote to memory of 2416 1740 dvjpd.exe 29 PID 1740 wrote to memory of 2416 1740 dvjpd.exe 29 PID 2416 wrote to memory of 2052 2416 3rlrxff.exe 30 PID 2416 wrote to memory of 2052 2416 3rlrxff.exe 30 PID 2416 wrote to memory of 2052 2416 3rlrxff.exe 30 PID 2416 wrote to memory of 2052 2416 3rlrxff.exe 30 PID 2052 wrote to memory of 2840 2052 vpjvj.exe 31 PID 2052 wrote to memory of 2840 2052 vpjvj.exe 31 PID 2052 wrote to memory of 2840 2052 vpjvj.exe 31 PID 2052 wrote to memory of 2840 2052 vpjvj.exe 31 PID 2840 wrote to memory of 2308 2840 bthbbb.exe 32 PID 2840 wrote to memory of 2308 2840 bthbbb.exe 32 PID 2840 wrote to memory of 2308 2840 bthbbb.exe 32 PID 2840 wrote to memory of 2308 2840 bthbbb.exe 32 PID 2308 wrote to memory of 2748 2308 pjvpv.exe 33 PID 2308 wrote to memory of 2748 2308 pjvpv.exe 33 PID 2308 wrote to memory of 2748 2308 pjvpv.exe 33 PID 2308 wrote to memory of 2748 2308 pjvpv.exe 33 PID 2748 wrote to memory of 2668 2748 9bnnbh.exe 34 PID 2748 wrote to memory of 2668 2748 9bnnbh.exe 34 PID 2748 wrote to memory of 2668 2748 9bnnbh.exe 34 PID 2748 wrote to memory of 2668 2748 9bnnbh.exe 34 PID 2668 wrote to memory of 2516 2668 vvvvj.exe 35 PID 2668 wrote to memory of 2516 2668 vvvvj.exe 35 PID 2668 wrote to memory of 2516 2668 vvvvj.exe 35 PID 2668 wrote to memory of 2516 2668 vvvvj.exe 35 PID 2516 wrote to memory of 3032 2516 xfxlxfx.exe 36 PID 2516 wrote to memory of 3032 2516 xfxlxfx.exe 36 PID 2516 wrote to memory of 3032 2516 
xfxlxfx.exe 36 PID 2516 wrote to memory of 3032 2516 xfxlxfx.exe 36 PID 3032 wrote to memory of 352 3032 3thhtb.exe 37 PID 3032 wrote to memory of 352 3032 3thhtb.exe 37 PID 3032 wrote to memory of 352 3032 3thhtb.exe 37 PID 3032 wrote to memory of 352 3032 3thhtb.exe 37 PID 352 wrote to memory of 2708 352 fxlxrxf.exe 38 PID 352 wrote to memory of 2708 352 fxlxrxf.exe 38 PID 352 wrote to memory of 2708 352 fxlxrxf.exe 38 PID 352 wrote to memory of 2708 352 fxlxrxf.exe 38 PID 2708 wrote to memory of 2868 2708 hbnttb.exe 39 PID 2708 wrote to memory of 2868 2708 hbnttb.exe 39 PID 2708 wrote to memory of 2868 2708 hbnttb.exe 39 PID 2708 wrote to memory of 2868 2708 hbnttb.exe 39 PID 2868 wrote to memory of 1536 2868 1rrrfll.exe 40 PID 2868 wrote to memory of 1536 2868 1rrrfll.exe 40 PID 2868 wrote to memory of 1536 2868 1rrrfll.exe 40 PID 2868 wrote to memory of 1536 2868 1rrrfll.exe 40 PID 1536 wrote to memory of 1236 1536 3nhthn.exe 41 PID 1536 wrote to memory of 1236 1536 3nhthn.exe 41 PID 1536 wrote to memory of 1236 1536 3nhthn.exe 41 PID 1536 wrote to memory of 1236 1536 3nhthn.exe 41 PID 1236 wrote to memory of 1632 1236 3vddd.exe 42 PID 1236 wrote to memory of 1632 1236 3vddd.exe 42 PID 1236 wrote to memory of 1632 1236 3vddd.exe 42 PID 1236 wrote to memory of 1632 1236 3vddd.exe 42 PID 1632 wrote to memory of 1636 1632 9rllrrx.exe 43 PID 1632 wrote to memory of 1636 1632 9rllrrx.exe 43 PID 1632 wrote to memory of 1636 1632 9rllrrx.exe 43 PID 1632 wrote to memory of 1636 1632 9rllrrx.exe 43
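Processes
(Entry format: the image path, the command line and the process-tree depth are printed run together, e.g. `\??\c:\dvjpd.exe` + `c:\dvjpd.exe` + depth `2`. The depth rises by one per entry, so the listing appears to be a single chain in which each executable starts the next. PIDs are specific to this sandbox run.)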
-
C:\Users\Admin\AppData\Local\Temp\6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a58833123f7831e8ed5c7cccecaca40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1704 -
\??\c:\dvjpd.exec:\dvjpd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1740 -
\??\c:\3rlrxff.exec:\3rlrxff.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2416 -
\??\c:\vpjvj.exec:\vpjvj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2052 -
\??\c:\bthbbb.exec:\bthbbb.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2840 -
\??\c:\pjvpv.exec:\pjvpv.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2308 -
\??\c:\9bnnbh.exec:\9bnnbh.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2748 -
\??\c:\vvvvj.exec:\vvvvj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2668 -
\??\c:\xfxlxfx.exec:\xfxlxfx.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\3thhtb.exec:\3thhtb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3032 -
\??\c:\fxlxrxf.exec:\fxlxrxf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:352 -
\??\c:\hbnttb.exec:\hbnttb.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\1rrrfll.exec:\1rrrfll.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868 -
\??\c:\3nhthn.exec:\3nhthn.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1536 -
\??\c:\3vddd.exec:\3vddd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1236 -
\??\c:\9rllrrx.exec:\9rllrrx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1632 -
\??\c:\dvjjp.exec:\dvjjp.exe17⤵
- Executes dropped EXE
PID:1636 -
\??\c:\9pjvp.exec:\9pjvp.exe18⤵
- Executes dropped EXE
PID:2560 -
\??\c:\btnthn.exec:\btnthn.exe19⤵
- Executes dropped EXE
PID:852 -
\??\c:\3dvdp.exec:\3dvdp.exe20⤵
- Executes dropped EXE
PID:2872 -
\??\c:\fxllxxf.exec:\fxllxxf.exe21⤵
- Executes dropped EXE
PID:984 -
\??\c:\tnbhth.exec:\tnbhth.exe22⤵
- Executes dropped EXE
PID:1488 -
\??\c:\hbntbh.exec:\hbntbh.exe23⤵
- Executes dropped EXE
PID:1080 -
\??\c:\jdpvj.exec:\jdpvj.exe24⤵
- Executes dropped EXE
PID:2468 -
\??\c:\1xllrrf.exec:\1xllrrf.exe25⤵
- Executes dropped EXE
PID:2360 -
\??\c:\ttntbb.exec:\ttntbb.exe26⤵
- Executes dropped EXE
PID:1548 -
\??\c:\5dpdj.exec:\5dpdj.exe27⤵
- Executes dropped EXE
PID:1872 -
\??\c:\lxllrlr.exec:\lxllrlr.exe28⤵
- Executes dropped EXE
PID:1292 -
\??\c:\jjvjp.exec:\jjvjp.exe29⤵
- Executes dropped EXE
PID:1148 -
\??\c:\jdppv.exec:\jdppv.exe30⤵
- Executes dropped EXE
PID:2036 -
\??\c:\tnbhnn.exec:\tnbhnn.exe31⤵
- Executes dropped EXE
PID:608 -
\??\c:\dvppv.exec:\dvppv.exe32⤵
- Executes dropped EXE
PID:2292 -
\??\c:\hhtbnn.exec:\hhtbnn.exe33⤵
- Executes dropped EXE
PID:308 -
\??\c:\hbbhtb.exec:\hbbhtb.exe34⤵
- Executes dropped EXE
PID:1764 -
\??\c:\1lllflr.exec:\1lllflr.exe35⤵
- Executes dropped EXE
PID:2584 -
\??\c:\btnthb.exec:\btnthb.exe36⤵
- Executes dropped EXE
PID:1744 -
\??\c:\9pjdj.exec:\9pjdj.exe37⤵
- Executes dropped EXE
PID:2900 -
\??\c:\dpvpp.exec:\dpvpp.exe38⤵
- Executes dropped EXE
PID:2768 -
\??\c:\rlflxff.exec:\rlflxff.exe39⤵
- Executes dropped EXE
PID:2804 -
\??\c:\ttntnh.exec:\ttntnh.exe40⤵
- Executes dropped EXE
PID:2628 -
\??\c:\jdvvd.exec:\jdvvd.exe41⤵
- Executes dropped EXE
PID:2636 -
\??\c:\vdvpj.exec:\vdvpj.exe42⤵
- Executes dropped EXE
PID:2764 -
\??\c:\bntnnh.exec:\bntnnh.exe43⤵
- Executes dropped EXE
PID:3016 -
\??\c:\ppdjv.exec:\ppdjv.exe44⤵
- Executes dropped EXE
PID:2748 -
\??\c:\vvvdp.exec:\vvvdp.exe45⤵
- Executes dropped EXE
PID:2544 -
\??\c:\xrrxffl.exec:\xrrxffl.exe46⤵
- Executes dropped EXE
PID:2192 -
\??\c:\tnbbnn.exec:\tnbbnn.exe47⤵
- Executes dropped EXE
PID:3012 -
\??\c:\djdjd.exec:\djdjd.exe48⤵
- Executes dropped EXE
PID:3032 -
\??\c:\dvpdd.exec:\dvpdd.exe49⤵
- Executes dropped EXE
PID:496 -
\??\c:\rlflflr.exec:\rlflflr.exe50⤵
- Executes dropped EXE
PID:2844 -
\??\c:\hhhntt.exec:\hhhntt.exe51⤵
- Executes dropped EXE
PID:1308 -
\??\c:\jjpjj.exec:\jjpjj.exe52⤵
- Executes dropped EXE
PID:1876 -
\??\c:\ffrfxrf.exec:\ffrfxrf.exe53⤵
- Executes dropped EXE
PID:1804 -
\??\c:\bttnnb.exec:\bttnnb.exe54⤵
- Executes dropped EXE
PID:288 -
\??\c:\vvpdv.exec:\vvpdv.exe55⤵
- Executes dropped EXE
PID:1640 -
\??\c:\rffflxx.exec:\rffflxx.exe56⤵
- Executes dropped EXE
PID:1528 -
\??\c:\3rrxflr.exec:\3rrxflr.exe57⤵
- Executes dropped EXE
PID:2432 -
\??\c:\bhntbn.exec:\bhntbn.exe58⤵
- Executes dropped EXE
PID:2372 -
\??\c:\vvvdd.exec:\vvvdd.exe59⤵
- Executes dropped EXE
PID:1456 -
\??\c:\xxlrffr.exec:\xxlrffr.exe60⤵
- Executes dropped EXE
PID:1920 -
\??\c:\nhhtht.exec:\nhhtht.exe61⤵
- Executes dropped EXE
PID:1028 -
\??\c:\5pjpj.exec:\5pjpj.exe62⤵
- Executes dropped EXE
PID:1484 -
\??\c:\jvpvp.exec:\jvpvp.exe63⤵
- Executes dropped EXE
PID:2012 -
\??\c:\1llrxfl.exec:\1llrxfl.exe64⤵
- Executes dropped EXE
PID:2336 -
\??\c:\hnhbtt.exec:\hnhbtt.exe65⤵
- Executes dropped EXE
PID:1080 -
\??\c:\3pdjj.exec:\3pdjj.exe66⤵PID:2312
-
\??\c:\dpdjp.exec:\dpdjp.exe67⤵PID:272
-
\??\c:\lfxlflf.exec:\lfxlflf.exe68⤵PID:956
-
\??\c:\tthntt.exec:\tthntt.exe69⤵PID:2956
-
\??\c:\vdpdd.exec:\vdpdd.exe70⤵PID:1872
-
\??\c:\rrrrfxl.exec:\rrrrfxl.exe71⤵PID:1660
-
\??\c:\rffrllx.exec:\rffrllx.exe72⤵PID:1600
-
\??\c:\nbtthh.exec:\nbtthh.exe73⤵PID:1552
-
\??\c:\vvppd.exec:\vvppd.exe74⤵PID:2948
-
\??\c:\1flfrrl.exec:\1flfrrl.exe75⤵PID:608
-
\??\c:\7rffrrx.exec:\7rffrrx.exe76⤵PID:2204
-
\??\c:\tnhnbh.exec:\tnhnbh.exe77⤵PID:760
-
\??\c:\jjdvp.exec:\jjdvp.exe78⤵PID:2240
-
\??\c:\lllrflf.exec:\lllrflf.exe79⤵PID:1620
-
\??\c:\hbtbth.exec:\hbtbth.exe80⤵PID:2596
-
\??\c:\vpppj.exec:\vpppj.exe81⤵PID:2632
-
\??\c:\7pjvd.exec:\7pjvd.exe82⤵PID:2788
-
\??\c:\7xlrxxf.exec:\7xlrxxf.exe83⤵PID:2052
-
\??\c:\1bhtbn.exec:\1bhtbn.exe84⤵PID:2272
-
\??\c:\btbhtb.exec:\btbhtb.exe85⤵PID:2284
-
\??\c:\djjpj.exec:\djjpj.exe86⤵PID:2752
-
\??\c:\3rllrrf.exec:\3rllrrf.exe87⤵PID:2528
-
\??\c:\hbntbh.exec:\hbntbh.exe88⤵PID:2512
-
\??\c:\5nbbnn.exec:\5nbbnn.exe89⤵PID:2520
-
\??\c:\ddvdp.exec:\ddvdp.exe90⤵PID:2300
-
\??\c:\9fxlflx.exec:\9fxlflx.exe91⤵PID:2996
-
\??\c:\llfxlrx.exec:\llfxlrx.exe92⤵PID:2716
-
\??\c:\7nbbtt.exec:\7nbbtt.exe93⤵PID:2824
-
\??\c:\pvppv.exec:\pvppv.exe94⤵PID:2884
-
\??\c:\xxxlrxr.exec:\xxxlrxr.exe95⤵PID:2180
-
\??\c:\flrfxff.exec:\flrfxff.exe96⤵PID:1608
-
\??\c:\hnbbbb.exec:\hnbbbb.exe97⤵PID:1800
-
\??\c:\9jppp.exec:\9jppp.exe98⤵PID:2196
-
\??\c:\lffrrfx.exec:\lffrrfx.exe99⤵PID:1632
-
\??\c:\lrxxrfr.exec:\lrxxrfr.exe100⤵PID:376
-
\??\c:\bhbnnt.exec:\bhbnnt.exe101⤵PID:2428
-
\??\c:\ddjpj.exec:\ddjpj.exe102⤵PID:1360
-
\??\c:\3frxlrx.exec:\3frxlrx.exe103⤵PID:1268
-
\??\c:\xrlxlrx.exec:\xrlxlrx.exe104⤵PID:2064
-
\??\c:\ttnbnn.exec:\ttnbnn.exe105⤵PID:592
-
\??\c:\jdvdd.exec:\jdvdd.exe106⤵PID:1860
-
\??\c:\dvjpd.exec:\dvjpd.exe107⤵PID:1820
-
\??\c:\llflffr.exec:\llflffr.exe108⤵PID:1132
-
\??\c:\ttnnbb.exec:\ttnnbb.exe109⤵PID:1160
-
\??\c:\9dpjp.exec:\9dpjp.exe110⤵PID:1324
-
\??\c:\lfrfxfr.exec:\lfrfxfr.exe111⤵PID:2360
-
\??\c:\5fxfffl.exec:\5fxfffl.exe112⤵PID:1096
-
\??\c:\3hnbhb.exec:\3hnbhb.exe113⤵PID:2252
-
\??\c:\ddvdj.exec:\ddvdj.exe114⤵PID:2480
-
\??\c:\xllrrff.exec:\xllrrff.exe115⤵PID:1872
-
\??\c:\rlxrrrx.exec:\rlxrrrx.exe116⤵PID:2448
-
\??\c:\btnbnt.exec:\btnbnt.exe117⤵PID:2068
-
\??\c:\vpdpj.exec:\vpdpj.exe118⤵PID:3040
-
\??\c:\rlxxffr.exec:\rlxxffr.exe119⤵PID:2948
-
\??\c:\nntbbh.exec:\nntbbh.exe120⤵PID:1184
-
\??\c:\dvvpd.exec:\dvvpd.exe121⤵PID:1124
-
\??\c:\flrlxlx.exec:\flrlxlx.exe122⤵PID:1736