Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 01:26
Behavioral task
behavioral1
Sample
6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe
-
Size
254KB
-
MD5
6a84c52b5f767f1482ebe77d5fff82a0
-
SHA1
c4403663e1b54092f258ae56ccee367587a8ad93
-
SHA256
6e5e192925feaed8246ba716e9bc72d2092c1311911dd24bce2b92cb618618d2
-
SHA512
52a554c2912b3a3a8ef4380cb9cece71811dee17085f037d011708c6f56a2d6307cfe516bbb924a7cc66c9afd242c2c1619d4b92b91885a3122093c5ca429273
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOaKHpolTjZXvEQo9dfrS:y4wFHoS3eFaKHpKT9XvEhdfrS
Malware Config
Signatures
-
Detect Blackmoon payload 42 IoCs
resource yara_rule behavioral1/memory/2864-9-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2288-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2932-21-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2548-36-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2664-47-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2616-63-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2744-71-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1436-82-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2528-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2892-100-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2212-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1748-119-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/308-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1072-137-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1628-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1624-171-0x00000000002A0000-0x00000000002C7000-memory.dmp family_blackmoon behavioral1/memory/1624-170-0x00000000002A0000-0x00000000002C7000-memory.dmp family_blackmoon behavioral1/memory/2116-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/540-206-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/560-208-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/580-224-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/1588-241-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1108-251-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2356-275-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2808-298-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1704-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2952-324-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2932-332-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2804-333-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2460-346-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2504-387-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1804-486-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1764-579-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/2472-659-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/892-672-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1724-723-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1672-805-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1704-882-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/320-963-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2612-1190-0x00000000001B0000-0x00000000001D7000-memory.dmp family_blackmoon behavioral1/memory/1084-1248-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/112-1383-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2288 3dppp.exe 2932 lrlllfl.exe 2548 nbntbb.exe 2664 vvpvd.exe 2816 btbtbn.exe 2616 ppjdv.exe 2744 lllfxff.exe 1436 rlfxlrl.exe 2528 ntntnb.exe 2892 pppdv.exe 2212 rlflrfr.exe 1748 tthtbh.exe 308 pjjpj.exe 1072 lllflfx.exe 1096 tntbnh.exe 900 pjvdj.exe 1628 fxrrxlx.exe 1624 nhtbth.exe 2780 vvppv.exe 2116 pvddj.exe 2420 fffrlxl.exe 540 nhnnbh.exe 560 vjpvj.exe 580 lxffrlr.exe 328 tttbnb.exe 1588 vjpvd.exe 1108 frflrrf.exe 1848 1nhhnn.exe 2144 5jpdd.exe 2356 fxffffx.exe 656 bbtbbh.exe 2408 3dvdd.exe 1172 llfllff.exe 2808 hnhntb.exe 1704 1dppj.exe 2260 xxrxflf.exe 2952 tnhtht.exe 2932 ntnttb.exe 2804 pjddp.exe 2460 rflflff.exe 2284 fflrxfr.exe 2788 3htbhh.exe 2736 pvjpj.exe 2448 9ppdv.exe 2628 xxlfrxl.exe 2504 fxfrfrr.exe 3052 btbnnt.exe 3012 ddpdv.exe 2212 3vddp.exe 2352 xfrxlrl.exe 764 hbbhtb.exe 308 tnhtnn.exe 2164 vvvvv.exe 944 ddpdp.exe 1200 fffrrxl.exe 1636 9flfflx.exe 1580 hhhhbh.exe 2784 1nhtbn.exe 2988 vjjjp.exe 2124 pppvj.exe 2108 frlxlrl.exe 1804 hhbnbb.exe 780 ttntbb.exe 1600 vvpvv.exe -
resource yara_rule behavioral1/memory/2864-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2864-3-0x00000000001B0000-0x00000000001D7000-memory.dmp upx behavioral1/files/0x000d00000001342b-6.dat upx behavioral1/memory/2864-9-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2288-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2932-21-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000a000000013a21-19.dat upx behavioral1/files/0x00080000000141c0-29.dat upx behavioral1/memory/2548-28-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000141e6-37.dat upx behavioral1/memory/2548-36-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2664-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2664-47-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000142b0-45.dat upx behavioral1/files/0x000a0000000142c4-54.dat upx behavioral1/files/0x0008000000014390-62.dat upx behavioral1/memory/2616-63-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000a0000000143ec-72.dat upx behavioral1/memory/2744-71-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1436-73-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1436-82-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000700000001447e-79.dat upx behavioral1/memory/2528-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000700000001448a-91.dat upx behavioral1/files/0x00070000000144ac-97.dat upx behavioral1/memory/2892-100-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2212-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014539-109.dat upx behavioral1/memory/1748-119-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014667-118.dat 
upx behavioral1/memory/308-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000146a2-128.dat upx behavioral1/files/0x00060000000146b8-135.dat upx behavioral1/memory/1072-137-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000146c0-145.dat upx behavioral1/files/0x00060000000147ea-152.dat upx behavioral1/memory/1628-155-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014825-162.dat upx behavioral1/files/0x00060000000149f5-172.dat upx behavioral1/memory/1624-170-0x00000000002A0000-0x00000000002C7000-memory.dmp upx behavioral1/files/0x0006000000014abe-180.dat upx behavioral1/files/0x0006000000014af6-186.dat upx behavioral1/memory/2116-189-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014b31-197.dat upx behavioral1/files/0x0006000000014b70-203.dat upx behavioral1/memory/540-206-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/560-208-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014de9-215.dat upx behavioral1/memory/580-224-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0009000000014120-223.dat upx behavioral1/memory/328-225-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000014ef8-233.dat upx behavioral1/files/0x0006000000015018-242.dat upx behavioral1/memory/1588-241-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1108-251-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000155ed-250.dat upx behavioral1/files/0x00060000000155f3-259.dat upx behavioral1/files/0x00060000000155f7-267.dat upx behavioral1/memory/2356-275-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015605-276.dat upx behavioral1/files/0x0006000000015616-284.dat upx behavioral1/memory/2808-298-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/1704-305-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2952-324-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2864 wrote to memory of 2288 2864 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 28 PID 2864 wrote to memory of 2288 2864 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 28 PID 2864 wrote to memory of 2288 2864 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 28 PID 2864 wrote to memory of 2288 2864 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 28 PID 2288 wrote to memory of 2932 2288 3dppp.exe 29 PID 2288 wrote to memory of 2932 2288 3dppp.exe 29 PID 2288 wrote to memory of 2932 2288 3dppp.exe 29 PID 2288 wrote to memory of 2932 2288 3dppp.exe 29 PID 2932 wrote to memory of 2548 2932 lrlllfl.exe 30 PID 2932 wrote to memory of 2548 2932 lrlllfl.exe 30 PID 2932 wrote to memory of 2548 2932 lrlllfl.exe 30 PID 2932 wrote to memory of 2548 2932 lrlllfl.exe 30 PID 2548 wrote to memory of 2664 2548 nbntbb.exe 31 PID 2548 wrote to memory of 2664 2548 nbntbb.exe 31 PID 2548 wrote to memory of 2664 2548 nbntbb.exe 31 PID 2548 wrote to memory of 2664 2548 nbntbb.exe 31 PID 2664 wrote to memory of 2816 2664 vvpvd.exe 32 PID 2664 wrote to memory of 2816 2664 vvpvd.exe 32 PID 2664 wrote to memory of 2816 2664 vvpvd.exe 32 PID 2664 wrote to memory of 2816 2664 vvpvd.exe 32 PID 2816 wrote to memory of 2616 2816 btbtbn.exe 33 PID 2816 wrote to memory of 2616 2816 btbtbn.exe 33 PID 2816 wrote to memory of 2616 2816 btbtbn.exe 33 PID 2816 wrote to memory of 2616 2816 btbtbn.exe 33 PID 2616 wrote to memory of 2744 2616 ppjdv.exe 34 PID 2616 wrote to memory of 2744 2616 ppjdv.exe 34 PID 2616 wrote to memory of 2744 2616 ppjdv.exe 34 PID 2616 wrote to memory of 2744 2616 ppjdv.exe 34 PID 2744 wrote to memory of 1436 2744 lllfxff.exe 35 PID 2744 wrote to memory of 1436 2744 lllfxff.exe 35 PID 2744 wrote to memory of 1436 2744 lllfxff.exe 35 PID 2744 wrote to memory of 1436 2744 lllfxff.exe 35 PID 1436 wrote to memory of 2528 1436 rlfxlrl.exe 36 PID 1436 wrote to memory of 2528 1436 rlfxlrl.exe 36 PID 1436 wrote to memory of 
2528 1436 rlfxlrl.exe 36 PID 1436 wrote to memory of 2528 1436 rlfxlrl.exe 36 PID 2528 wrote to memory of 2892 2528 ntntnb.exe 37 PID 2528 wrote to memory of 2892 2528 ntntnb.exe 37 PID 2528 wrote to memory of 2892 2528 ntntnb.exe 37 PID 2528 wrote to memory of 2892 2528 ntntnb.exe 37 PID 2892 wrote to memory of 2212 2892 pppdv.exe 38 PID 2892 wrote to memory of 2212 2892 pppdv.exe 38 PID 2892 wrote to memory of 2212 2892 pppdv.exe 38 PID 2892 wrote to memory of 2212 2892 pppdv.exe 38 PID 2212 wrote to memory of 1748 2212 rlflrfr.exe 39 PID 2212 wrote to memory of 1748 2212 rlflrfr.exe 39 PID 2212 wrote to memory of 1748 2212 rlflrfr.exe 39 PID 2212 wrote to memory of 1748 2212 rlflrfr.exe 39 PID 1748 wrote to memory of 308 1748 tthtbh.exe 40 PID 1748 wrote to memory of 308 1748 tthtbh.exe 40 PID 1748 wrote to memory of 308 1748 tthtbh.exe 40 PID 1748 wrote to memory of 308 1748 tthtbh.exe 40 PID 308 wrote to memory of 1072 308 pjjpj.exe 41 PID 308 wrote to memory of 1072 308 pjjpj.exe 41 PID 308 wrote to memory of 1072 308 pjjpj.exe 41 PID 308 wrote to memory of 1072 308 pjjpj.exe 41 PID 1072 wrote to memory of 1096 1072 lllflfx.exe 42 PID 1072 wrote to memory of 1096 1072 lllflfx.exe 42 PID 1072 wrote to memory of 1096 1072 lllflfx.exe 42 PID 1072 wrote to memory of 1096 1072 lllflfx.exe 42 PID 1096 wrote to memory of 900 1096 tntbnh.exe 43 PID 1096 wrote to memory of 900 1096 tntbnh.exe 43 PID 1096 wrote to memory of 900 1096 tntbnh.exe 43 PID 1096 wrote to memory of 900 1096 tntbnh.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2864 -
\??\c:\3dppp.exec:\3dppp.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2288 -
\??\c:\lrlllfl.exec:\lrlllfl.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2932 -
\??\c:\nbntbb.exec:\nbntbb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\vvpvd.exec:\vvpvd.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2664 -
\??\c:\btbtbn.exec:\btbtbn.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\ppjdv.exec:\ppjdv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\lllfxff.exec:\lllfxff.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\rlfxlrl.exec:\rlfxlrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\ntntnb.exec:\ntntnb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\pppdv.exec:\pppdv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2892 -
\??\c:\rlflrfr.exec:\rlflrfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2212 -
\??\c:\tthtbh.exec:\tthtbh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1748 -
\??\c:\pjjpj.exec:\pjjpj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:308 -
\??\c:\lllflfx.exec:\lllflfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1072 -
\??\c:\tntbnh.exec:\tntbnh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1096 -
\??\c:\pjvdj.exec:\pjvdj.exe17⤵
- Executes dropped EXE
PID:900 -
\??\c:\fxrrxlx.exec:\fxrrxlx.exe18⤵
- Executes dropped EXE
PID:1628 -
\??\c:\nhtbth.exec:\nhtbth.exe19⤵
- Executes dropped EXE
PID:1624 -
\??\c:\vvppv.exec:\vvppv.exe20⤵
- Executes dropped EXE
PID:2780 -
\??\c:\pvddj.exec:\pvddj.exe21⤵
- Executes dropped EXE
PID:2116 -
\??\c:\fffrlxl.exec:\fffrlxl.exe22⤵
- Executes dropped EXE
PID:2420 -
\??\c:\nhnnbh.exec:\nhnnbh.exe23⤵
- Executes dropped EXE
PID:540 -
\??\c:\vjpvj.exec:\vjpvj.exe24⤵
- Executes dropped EXE
PID:560 -
\??\c:\lxffrlr.exec:\lxffrlr.exe25⤵
- Executes dropped EXE
PID:580 -
\??\c:\tttbnb.exec:\tttbnb.exe26⤵
- Executes dropped EXE
PID:328 -
\??\c:\vjpvd.exec:\vjpvd.exe27⤵
- Executes dropped EXE
PID:1588 -
\??\c:\frflrrf.exec:\frflrrf.exe28⤵
- Executes dropped EXE
PID:1108 -
\??\c:\1nhhnn.exec:\1nhhnn.exe29⤵
- Executes dropped EXE
PID:1848 -
\??\c:\5jpdd.exec:\5jpdd.exe30⤵
- Executes dropped EXE
PID:2144 -
\??\c:\fxffffx.exec:\fxffffx.exe31⤵
- Executes dropped EXE
PID:2356 -
\??\c:\bbtbbh.exec:\bbtbbh.exe32⤵
- Executes dropped EXE
PID:656 -
\??\c:\3dvdd.exec:\3dvdd.exe33⤵
- Executes dropped EXE
PID:2408 -
\??\c:\llfllff.exec:\llfllff.exe34⤵
- Executes dropped EXE
PID:1172 -
\??\c:\hnhntb.exec:\hnhntb.exe35⤵
- Executes dropped EXE
PID:2808 -
\??\c:\1dppj.exec:\1dppj.exe36⤵
- Executes dropped EXE
PID:1704 -
\??\c:\xxrxflf.exec:\xxrxflf.exe37⤵
- Executes dropped EXE
PID:2260 -
\??\c:\tnhtht.exec:\tnhtht.exe38⤵
- Executes dropped EXE
PID:2952 -
\??\c:\ntnttb.exec:\ntnttb.exe39⤵
- Executes dropped EXE
PID:2932 -
\??\c:\pjddp.exec:\pjddp.exe40⤵
- Executes dropped EXE
PID:2804 -
\??\c:\rflflff.exec:\rflflff.exe41⤵
- Executes dropped EXE
PID:2460 -
\??\c:\fflrxfr.exec:\fflrxfr.exe42⤵
- Executes dropped EXE
PID:2284 -
\??\c:\3htbhh.exec:\3htbhh.exe43⤵
- Executes dropped EXE
PID:2788 -
\??\c:\pvjpj.exec:\pvjpj.exe44⤵
- Executes dropped EXE
PID:2736 -
\??\c:\9ppdv.exec:\9ppdv.exe45⤵
- Executes dropped EXE
PID:2448 -
\??\c:\xxlfrxl.exec:\xxlfrxl.exe46⤵
- Executes dropped EXE
PID:2628 -
\??\c:\fxfrfrr.exec:\fxfrfrr.exe47⤵
- Executes dropped EXE
PID:2504 -
\??\c:\btbnnt.exec:\btbnnt.exe48⤵
- Executes dropped EXE
PID:3052 -
\??\c:\ddpdv.exec:\ddpdv.exe49⤵
- Executes dropped EXE
PID:3012 -
\??\c:\3vddp.exec:\3vddp.exe50⤵
- Executes dropped EXE
PID:2212 -
\??\c:\xfrxlrl.exec:\xfrxlrl.exe51⤵
- Executes dropped EXE
PID:2352 -
\??\c:\hbbhtb.exec:\hbbhtb.exe52⤵
- Executes dropped EXE
PID:764 -
\??\c:\tnhtnn.exec:\tnhtnn.exe53⤵
- Executes dropped EXE
PID:308 -
\??\c:\vvvvv.exec:\vvvvv.exe54⤵
- Executes dropped EXE
PID:2164 -
\??\c:\ddpdp.exec:\ddpdp.exe55⤵
- Executes dropped EXE
PID:944 -
\??\c:\fffrrxl.exec:\fffrrxl.exe56⤵
- Executes dropped EXE
PID:1200 -
\??\c:\9flfflx.exec:\9flfflx.exe57⤵
- Executes dropped EXE
PID:1636 -
\??\c:\hhhhbh.exec:\hhhhbh.exe58⤵
- Executes dropped EXE
PID:1580 -
\??\c:\1nhtbn.exec:\1nhtbn.exe59⤵
- Executes dropped EXE
PID:2784 -
\??\c:\vjjjp.exec:\vjjjp.exe60⤵
- Executes dropped EXE
PID:2988 -
\??\c:\pppvj.exec:\pppvj.exe61⤵
- Executes dropped EXE
PID:2124 -
\??\c:\frlxlrl.exec:\frlxlrl.exe62⤵
- Executes dropped EXE
PID:2108 -
\??\c:\hhbnbb.exec:\hhbnbb.exe63⤵
- Executes dropped EXE
PID:1804 -
\??\c:\ttntbb.exec:\ttntbb.exe64⤵
- Executes dropped EXE
PID:780 -
\??\c:\vvpvv.exec:\vvpvv.exe65⤵
- Executes dropped EXE
PID:1600 -
\??\c:\xrrrlff.exec:\xrrrlff.exe66⤵PID:1464
-
\??\c:\lxrxfxl.exec:\lxrxfxl.exe67⤵PID:1112
-
\??\c:\nhbtth.exec:\nhbtth.exe68⤵PID:356
-
\??\c:\1bhtht.exec:\1bhtht.exe69⤵PID:712
-
\??\c:\pjjpv.exec:\pjjpv.exe70⤵PID:1620
-
\??\c:\jjdjp.exec:\jjdjp.exe71⤵PID:1732
-
\??\c:\ffrxlrf.exec:\ffrxlrf.exe72⤵PID:1832
-
\??\c:\llxfrrl.exec:\llxfrrl.exe73⤵PID:1848
-
\??\c:\bbthbb.exec:\bbthbb.exe74⤵PID:1552
-
\??\c:\hhnbnb.exec:\hhnbnb.exe75⤵PID:2312
-
\??\c:\pjvdp.exec:\pjvdp.exe76⤵PID:2848
-
\??\c:\lffxxlr.exec:\lffxxlr.exe77⤵PID:3004
-
\??\c:\5xrfrfl.exec:\5xrfrfl.exe78⤵PID:1764
-
\??\c:\nbbtnn.exec:\nbbtnn.exe79⤵PID:1692
-
\??\c:\1djpj.exec:\1djpj.exe80⤵PID:2364
-
\??\c:\5rxlffl.exec:\5rxlffl.exe81⤵PID:1704
-
\??\c:\fxlrllf.exec:\fxlrllf.exe82⤵PID:1604
-
\??\c:\hthntb.exec:\hthntb.exe83⤵PID:2224
-
\??\c:\bnbttt.exec:\bnbttt.exe84⤵PID:2748
-
\??\c:\dvpvd.exec:\dvpvd.exe85⤵PID:2676
-
\??\c:\dvvdj.exec:\dvvdj.exe86⤵PID:2664
-
\??\c:\3rrfrff.exec:\3rrfrff.exe87⤵PID:2384
-
\??\c:\hnnhht.exec:\hnnhht.exe88⤵PID:2572
-
\??\c:\3bbhnb.exec:\3bbhnb.exe89⤵PID:2712
-
\??\c:\dddjp.exec:\dddjp.exe90⤵PID:2468
-
\??\c:\vpdjv.exec:\vpdjv.exe91⤵PID:2472
-
\??\c:\rrlxllr.exec:\rrlxllr.exe92⤵PID:2576
-
\??\c:\tntnnh.exec:\tntnnh.exe93⤵PID:892
-
\??\c:\bbnbhb.exec:\bbnbhb.exe94⤵PID:2000
-
\??\c:\jvvdj.exec:\jvvdj.exe95⤵PID:1972
-
\??\c:\dvpjv.exec:\dvpjv.exe96⤵PID:1988
-
\??\c:\lfxxfll.exec:\lfxxfll.exe97⤵PID:1880
-
\??\c:\ttnnbn.exec:\ttnnbn.exe98⤵PID:1896
-
\??\c:\7nhnbb.exec:\7nhnbb.exe99⤵PID:2012
-
\??\c:\9vvjd.exec:\9vvjd.exe100⤵PID:2244
-
\??\c:\ddvdp.exec:\ddvdp.exe101⤵PID:1724
-
\??\c:\llxxllx.exec:\llxxllx.exe102⤵PID:1200
-
\??\c:\rrrlrxl.exec:\rrrlrxl.exe103⤵PID:1636
-
\??\c:\tthbtb.exec:\tthbtb.exe104⤵PID:1680
-
\??\c:\7hbbbb.exec:\7hbbbb.exe105⤵PID:1684
-
\??\c:\jjpdd.exec:\jjpdd.exe106⤵PID:2328
-
\??\c:\9xrflrx.exec:\9xrflrx.exe107⤵PID:2552
-
\??\c:\rflxlxf.exec:\rflxlxf.exe108⤵PID:2096
-
\??\c:\ttthtn.exec:\ttthtn.exe109⤵PID:1804
-
\??\c:\bbnnnn.exec:\bbnnnn.exe110⤵PID:780
-
\??\c:\3vppd.exec:\3vppd.exe111⤵PID:560
-
\??\c:\3fxxxfl.exec:\3fxxxfl.exe112⤵PID:1492
-
\??\c:\lffxrxl.exec:\lffxrxl.exe113⤵PID:2204
-
\??\c:\bbbtbn.exec:\bbbtbn.exe114⤵PID:356
-
\??\c:\dpddp.exec:\dpddp.exe115⤵PID:1672
-
\??\c:\jjdpv.exec:\jjdpv.exe116⤵PID:1108
-
\??\c:\7rlfxxr.exec:\7rlfxxr.exe117⤵PID:960
-
\??\c:\frxlxfl.exec:\frxlxfl.exe118⤵PID:2280
-
\??\c:\nnhhhn.exec:\nnhhhn.exe119⤵PID:3016
-
\??\c:\7hbbhn.exec:\7hbbhn.exe120⤵PID:1508
-
\??\c:\9dddd.exec:\9dddd.exe121⤵PID:656
-
\??\c:\rlflrrl.exec:\rlflrrl.exe122⤵PID:1336
-