Analysis
-
max time kernel
150s -
max time network
159s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 01:26
Behavioral task
behavioral1
Sample
6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe
-
Size
254KB
-
MD5
6a84c52b5f767f1482ebe77d5fff82a0
-
SHA1
c4403663e1b54092f258ae56ccee367587a8ad93
-
SHA256
6e5e192925feaed8246ba716e9bc72d2092c1311911dd24bce2b92cb618618d2
-
SHA512
52a554c2912b3a3a8ef4380cb9cece71811dee17085f037d011708c6f56a2d6307cfe516bbb924a7cc66c9afd242c2c1619d4b92b91885a3122093c5ca429273
-
SSDEEP
6144:kcm4FmowdHoSphraHcpOaKHpolTjZXvEQo9dfrS:y4wFHoS3eFaKHpKT9XvEhdfrS
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/1348-5-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1524-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2688-14-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5216-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5836-30-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3184-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5024-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4968-48-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1564-54-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2856-60-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2012-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2408-72-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-78-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2008-91-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3328-90-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3784-106-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4700-108-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4912-113-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3852-133-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5768-139-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/880-144-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2460-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5160-164-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5356-181-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3908-153-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2964-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3248-193-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2696-197-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5396-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1528-225-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1424-229-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3132-236-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5784-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2244-244-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1376-263-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1852-279-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1296-283-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4508-300-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4820-304-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2224-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4844-312-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1348-325-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/5264-333-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/664-348-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/6016-359-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1164-375-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5728-376-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4916-429-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3448-443-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4736-449-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/680-451-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/452-481-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2276-496-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5176-513-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3244-517-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2604-523-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2484-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5576-546-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5252-583-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5252-587-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5244-597-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5560-649-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/680-702-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4240-728-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1524 hhnbtn.exe 2688 1vpvp.exe 5216 xxxlxlx.exe 5836 bbbtnh.exe 3184 jvjvp.exe 5024 xfrlfxf.exe 4968 tnhnbn.exe 1564 vvpvj.exe 2856 tbthth.exe 2012 fxrllxx.exe 2408 fffxlfx.exe 5116 vddpj.exe 400 llxrrrr.exe 3328 nhnhbb.exe 2008 vvvdv.exe 1932 rllfrlx.exe 3784 ttnbnn.exe 4700 9jpdv.exe 4912 9rfxlfx.exe 5740 1dpjp.exe 316 frxxxrx.exe 3852 9hnbtt.exe 5768 7flffxr.exe 880 tnbhnh.exe 2460 5dvjd.exe 3908 5xxrffx.exe 860 htntbh.exe 5160 3jjvp.exe 888 dvdvv.exe 1192 rffxrrf.exe 5356 3djdj.exe 2964 vjvpd.exe 3248 xffrfxl.exe 2696 btbnhn.exe 5420 ddvjd.exe 3208 xlfxlxr.exe 3136 xrfrrll.exe 2956 nhtthh.exe 4560 dddvp.exe 1652 vjvjv.exe 3696 1frlfxl.exe 5396 rllrfrl.exe 1528 htnthh.exe 1424 1vvjd.exe 3132 xrlfrlf.exe 5784 nhnnhh.exe 5364 nntnbt.exe 2244 3lxllfr.exe 1764 fxrlffx.exe 3444 5tnbtn.exe 2604 pjjvp.exe 5056 rlrfxxr.exe 1376 hnttbh.exe 5164 hbtnbt.exe 1116 vpdpj.exe 2984 5ddpd.exe 4120 xfxrfxl.exe 1852 flrlxrr.exe 2364 bnnhbt.exe 1296 9djdd.exe 4200 fxxxxrr.exe 3176 fxxrrrr.exe 100 tnbbbt.exe 4508 7jjvp.exe -
resource yara_rule behavioral2/memory/1348-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000c000000023371-3.dat upx behavioral2/memory/1348-5-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0009000000023418-12.dat upx behavioral2/memory/1524-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2688-14-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002341f-13.dat upx behavioral2/memory/5216-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023420-24.dat upx behavioral2/files/0x0007000000023421-27.dat upx behavioral2/memory/5836-30-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3184-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023423-35.dat upx behavioral2/memory/5024-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023424-40.dat upx behavioral2/memory/4968-48-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023425-47.dat upx behavioral2/memory/1564-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023426-52.dat upx behavioral2/memory/1564-54-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023427-61.dat upx behavioral2/memory/2856-60-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023428-64.dat upx behavioral2/memory/2012-66-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023429-70.dat upx behavioral2/memory/2408-72-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342a-76.dat upx behavioral2/memory/5116-78-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342b-82.dat upx behavioral2/files/0x000700000002342c-87.dat upx behavioral2/files/0x000700000002342d-93.dat upx 
behavioral2/memory/2008-91-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3328-90-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002342e-99.dat upx behavioral2/files/0x000700000002342f-103.dat upx behavioral2/memory/3784-106-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4700-108-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000800000002341c-110.dat upx behavioral2/memory/4912-113-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023430-117.dat upx behavioral2/files/0x0007000000023431-121.dat upx behavioral2/files/0x0007000000023432-127.dat upx behavioral2/memory/3852-133-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023434-131.dat upx behavioral2/files/0x0007000000023435-137.dat upx behavioral2/memory/5768-139-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023436-145.dat upx behavioral2/memory/880-144-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2460-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023437-151.dat upx behavioral2/files/0x0007000000023438-156.dat upx behavioral2/files/0x0007000000023439-162.dat upx behavioral2/memory/5160-164-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343a-167.dat upx behavioral2/files/0x000700000002343b-173.dat upx behavioral2/files/0x000700000002343c-177.dat upx behavioral2/memory/5356-181-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002343d-184.dat upx behavioral2/memory/3908-153-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2964-189-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3248-193-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2696-197-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/5420-198-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5396-223-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1348 wrote to memory of 1524 1348 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 83 PID 1348 wrote to memory of 1524 1348 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 83 PID 1348 wrote to memory of 1524 1348 6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe 83 PID 1524 wrote to memory of 2688 1524 hhnbtn.exe 84 PID 1524 wrote to memory of 2688 1524 hhnbtn.exe 84 PID 1524 wrote to memory of 2688 1524 hhnbtn.exe 84 PID 2688 wrote to memory of 5216 2688 1vpvp.exe 85 PID 2688 wrote to memory of 5216 2688 1vpvp.exe 85 PID 2688 wrote to memory of 5216 2688 1vpvp.exe 85 PID 5216 wrote to memory of 5836 5216 xxxlxlx.exe 86 PID 5216 wrote to memory of 5836 5216 xxxlxlx.exe 86 PID 5216 wrote to memory of 5836 5216 xxxlxlx.exe 86 PID 5836 wrote to memory of 3184 5836 bbbtnh.exe 87 PID 5836 wrote to memory of 3184 5836 bbbtnh.exe 87 PID 5836 wrote to memory of 3184 5836 bbbtnh.exe 87 PID 3184 wrote to memory of 5024 3184 jvjvp.exe 88 PID 3184 wrote to memory of 5024 3184 jvjvp.exe 88 PID 3184 wrote to memory of 5024 3184 jvjvp.exe 88 PID 5024 wrote to memory of 4968 5024 xfrlfxf.exe 89 PID 5024 wrote to memory of 4968 5024 xfrlfxf.exe 89 PID 5024 wrote to memory of 4968 5024 xfrlfxf.exe 89 PID 4968 wrote to memory of 1564 4968 tnhnbn.exe 90 PID 4968 wrote to memory of 1564 4968 tnhnbn.exe 90 PID 4968 wrote to memory of 1564 4968 tnhnbn.exe 90 PID 1564 wrote to memory of 2856 1564 vvpvj.exe 91 PID 1564 wrote to memory of 2856 1564 vvpvj.exe 91 PID 1564 wrote to memory of 2856 1564 vvpvj.exe 91 PID 2856 wrote to memory of 2012 2856 tbthth.exe 92 PID 2856 wrote to memory of 2012 2856 tbthth.exe 92 PID 2856 wrote to memory of 2012 2856 tbthth.exe 92 PID 2012 wrote to memory of 2408 2012 fxrllxx.exe 93 PID 2012 wrote to memory of 2408 2012 fxrllxx.exe 93 PID 2012 wrote to memory of 2408 2012 fxrllxx.exe 93 PID 2408 wrote to memory of 5116 2408 fffxlfx.exe 94 PID 2408 wrote to memory of 5116 2408 fffxlfx.exe 94 PID 2408 wrote 
to memory of 5116 2408 fffxlfx.exe 94 PID 5116 wrote to memory of 400 5116 vddpj.exe 95 PID 5116 wrote to memory of 400 5116 vddpj.exe 95 PID 5116 wrote to memory of 400 5116 vddpj.exe 95 PID 400 wrote to memory of 3328 400 llxrrrr.exe 96 PID 400 wrote to memory of 3328 400 llxrrrr.exe 96 PID 400 wrote to memory of 3328 400 llxrrrr.exe 96 PID 3328 wrote to memory of 2008 3328 nhnhbb.exe 97 PID 3328 wrote to memory of 2008 3328 nhnhbb.exe 97 PID 3328 wrote to memory of 2008 3328 nhnhbb.exe 97 PID 2008 wrote to memory of 1932 2008 vvvdv.exe 98 PID 2008 wrote to memory of 1932 2008 vvvdv.exe 98 PID 2008 wrote to memory of 1932 2008 vvvdv.exe 98 PID 1932 wrote to memory of 3784 1932 rllfrlx.exe 99 PID 1932 wrote to memory of 3784 1932 rllfrlx.exe 99 PID 1932 wrote to memory of 3784 1932 rllfrlx.exe 99 PID 3784 wrote to memory of 4700 3784 ttnbnn.exe 100 PID 3784 wrote to memory of 4700 3784 ttnbnn.exe 100 PID 3784 wrote to memory of 4700 3784 ttnbnn.exe 100 PID 4700 wrote to memory of 4912 4700 9jpdv.exe 101 PID 4700 wrote to memory of 4912 4700 9jpdv.exe 101 PID 4700 wrote to memory of 4912 4700 9jpdv.exe 101 PID 4912 wrote to memory of 5740 4912 9rfxlfx.exe 103 PID 4912 wrote to memory of 5740 4912 9rfxlfx.exe 103 PID 4912 wrote to memory of 5740 4912 9rfxlfx.exe 103 PID 5740 wrote to memory of 316 5740 1dpjp.exe 104 PID 5740 wrote to memory of 316 5740 1dpjp.exe 104 PID 5740 wrote to memory of 316 5740 1dpjp.exe 104 PID 316 wrote to memory of 3852 316 frxxxrx.exe 105
Processes
-
C:\Users\Admin\AppData\Local\Temp\6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\6a84c52b5f767f1482ebe77d5fff82a0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1348 -
\??\c:\hhnbtn.exec:\hhnbtn.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1524 -
\??\c:\1vpvp.exec:\1vpvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2688 -
\??\c:\xxxlxlx.exec:\xxxlxlx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5216 -
\??\c:\bbbtnh.exec:\bbbtnh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5836 -
\??\c:\jvjvp.exec:\jvjvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3184 -
\??\c:\xfrlfxf.exec:\xfrlfxf.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5024 -
\??\c:\tnhnbn.exec:\tnhnbn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4968 -
\??\c:\vvpvj.exec:\vvpvj.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1564 -
\??\c:\tbthth.exec:\tbthth.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2856 -
\??\c:\fxrllxx.exec:\fxrllxx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2012 -
\??\c:\fffxlfx.exec:\fffxlfx.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2408 -
\??\c:\vddpj.exec:\vddpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5116 -
\??\c:\llxrrrr.exec:\llxrrrr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:400 -
\??\c:\nhnhbb.exec:\nhnhbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3328 -
\??\c:\vvvdv.exec:\vvvdv.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2008 -
\??\c:\rllfrlx.exec:\rllfrlx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\ttnbnn.exec:\ttnbnn.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3784 -
\??\c:\9jpdv.exec:\9jpdv.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700 -
\??\c:\9rfxlfx.exec:\9rfxlfx.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4912 -
\??\c:\1dpjp.exec:\1dpjp.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5740 -
\??\c:\frxxxrx.exec:\frxxxrx.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:316 -
\??\c:\9hnbtt.exec:\9hnbtt.exe23⤵
- Executes dropped EXE
PID:3852 -
\??\c:\7flffxr.exec:\7flffxr.exe24⤵
- Executes dropped EXE
PID:5768 -
\??\c:\tnbhnh.exec:\tnbhnh.exe25⤵
- Executes dropped EXE
PID:880 -
\??\c:\5dvjd.exec:\5dvjd.exe26⤵
- Executes dropped EXE
PID:2460 -
\??\c:\5xxrffx.exec:\5xxrffx.exe27⤵
- Executes dropped EXE
PID:3908 -
\??\c:\htntbh.exec:\htntbh.exe28⤵
- Executes dropped EXE
PID:860 -
\??\c:\3jjvp.exec:\3jjvp.exe29⤵
- Executes dropped EXE
PID:5160 -
\??\c:\dvdvv.exec:\dvdvv.exe30⤵
- Executes dropped EXE
PID:888 -
\??\c:\rffxrrf.exec:\rffxrrf.exe31⤵
- Executes dropped EXE
PID:1192 -
\??\c:\3djdj.exec:\3djdj.exe32⤵
- Executes dropped EXE
PID:5356 -
\??\c:\vjvpd.exec:\vjvpd.exe33⤵
- Executes dropped EXE
PID:2964 -
\??\c:\xffrfxl.exec:\xffrfxl.exe34⤵
- Executes dropped EXE
PID:3248 -
\??\c:\btbnhn.exec:\btbnhn.exe35⤵
- Executes dropped EXE
PID:2696 -
\??\c:\ddvjd.exec:\ddvjd.exe36⤵
- Executes dropped EXE
PID:5420 -
\??\c:\xlfxlxr.exec:\xlfxlxr.exe37⤵
- Executes dropped EXE
PID:3208 -
\??\c:\xrfrrll.exec:\xrfrrll.exe38⤵
- Executes dropped EXE
PID:3136 -
\??\c:\nhtthh.exec:\nhtthh.exe39⤵
- Executes dropped EXE
PID:2956 -
\??\c:\dddvp.exec:\dddvp.exe40⤵
- Executes dropped EXE
PID:4560 -
\??\c:\vjvjv.exec:\vjvjv.exe41⤵
- Executes dropped EXE
PID:1652 -
\??\c:\1frlfxl.exec:\1frlfxl.exe42⤵
- Executes dropped EXE
PID:3696 -
\??\c:\rllrfrl.exec:\rllrfrl.exe43⤵
- Executes dropped EXE
PID:5396 -
\??\c:\htnthh.exec:\htnthh.exe44⤵
- Executes dropped EXE
PID:1528 -
\??\c:\1vvjd.exec:\1vvjd.exe45⤵
- Executes dropped EXE
PID:1424 -
\??\c:\xrlfrlf.exec:\xrlfrlf.exe46⤵
- Executes dropped EXE
PID:3132 -
\??\c:\nhnnhh.exec:\nhnnhh.exe47⤵
- Executes dropped EXE
PID:5784 -
\??\c:\nntnbt.exec:\nntnbt.exe48⤵
- Executes dropped EXE
PID:5364 -
\??\c:\3lxllfr.exec:\3lxllfr.exe49⤵
- Executes dropped EXE
PID:2244 -
\??\c:\fxrlffx.exec:\fxrlffx.exe50⤵
- Executes dropped EXE
PID:1764 -
\??\c:\5tnbtn.exec:\5tnbtn.exe51⤵
- Executes dropped EXE
PID:3444 -
\??\c:\pjjvp.exec:\pjjvp.exe52⤵
- Executes dropped EXE
PID:2604 -
\??\c:\rlrfxxr.exec:\rlrfxxr.exe53⤵
- Executes dropped EXE
PID:5056 -
\??\c:\hnttbh.exec:\hnttbh.exe54⤵
- Executes dropped EXE
PID:1376 -
\??\c:\hbtnbt.exec:\hbtnbt.exe55⤵
- Executes dropped EXE
PID:5164 -
\??\c:\vpdpj.exec:\vpdpj.exe56⤵
- Executes dropped EXE
PID:1116 -
\??\c:\5ddpd.exec:\5ddpd.exe57⤵
- Executes dropped EXE
PID:2984 -
\??\c:\xfxrfxl.exec:\xfxrfxl.exe58⤵
- Executes dropped EXE
PID:4120 -
\??\c:\flrlxrr.exec:\flrlxrr.exe59⤵
- Executes dropped EXE
PID:1852 -
\??\c:\bnnhbt.exec:\bnnhbt.exe60⤵
- Executes dropped EXE
PID:2364 -
\??\c:\9djdd.exec:\9djdd.exe61⤵
- Executes dropped EXE
PID:1296 -
\??\c:\fxxxxrr.exec:\fxxxxrr.exe62⤵
- Executes dropped EXE
PID:4200 -
\??\c:\fxxrrrr.exec:\fxxrrrr.exe63⤵
- Executes dropped EXE
PID:3176 -
\??\c:\tnbbbt.exec:\tnbbbt.exe64⤵
- Executes dropped EXE
PID:100 -
\??\c:\7jjvp.exec:\7jjvp.exe65⤵
- Executes dropped EXE
PID:4508 -
\??\c:\dvjjv.exec:\dvjjv.exe66⤵PID:4820
-
\??\c:\lfxllff.exec:\lfxllff.exe67⤵PID:2224
-
\??\c:\rrrrxff.exec:\rrrrxff.exe68⤵PID:2240
-
\??\c:\bttnbt.exec:\bttnbt.exe69⤵PID:4844
-
\??\c:\vpdpd.exec:\vpdpd.exe70⤵PID:4464
-
\??\c:\1jjdv.exec:\1jjdv.exe71⤵PID:4468
-
\??\c:\xlrlrll.exec:\xlrlrll.exe72⤵PID:1348
-
\??\c:\htbtnh.exec:\htbtnh.exe73⤵PID:2352
-
\??\c:\vjdpj.exec:\vjdpj.exe74⤵PID:1640
-
\??\c:\pdjpd.exec:\pdjpd.exe75⤵PID:5264
-
\??\c:\lxxlxrl.exec:\lxxlxrl.exe76⤵PID:448
-
\??\c:\nhhtth.exec:\nhhtth.exe77⤵PID:5680
-
\??\c:\5jjdp.exec:\5jjdp.exe78⤵PID:5024
-
\??\c:\flrfrrl.exec:\flrfrrl.exe79⤵PID:664
-
\??\c:\fxxlxrl.exec:\fxxlxrl.exe80⤵PID:3808
-
\??\c:\thnhhb.exec:\thnhhb.exe81⤵PID:4204
-
\??\c:\pjvpd.exec:\pjvpd.exe82⤵PID:2652
-
\??\c:\pjjdd.exec:\pjjdd.exe83⤵PID:6016
-
\??\c:\fflfrlr.exec:\fflfrlr.exe84⤵PID:3616
-
\??\c:\bbnbht.exec:\bbnbht.exe85⤵PID:4216
-
\??\c:\pppdv.exec:\pppdv.exe86⤵PID:2452
-
\??\c:\dpdvj.exec:\dpdvj.exe87⤵PID:1164
-
\??\c:\rffxrlf.exec:\rffxrlf.exe88⤵PID:5728
-
\??\c:\nbnbbt.exec:\nbnbbt.exe89⤵PID:5608
-
\??\c:\pvvjp.exec:\pvvjp.exe90⤵PID:2388
-
\??\c:\rxrffxl.exec:\rxrffxl.exe91⤵PID:5640
-
\??\c:\xflxxrl.exec:\xflxxrl.exe92⤵PID:4168
-
\??\c:\7ttnbt.exec:\7ttnbt.exe93⤵PID:4780
-
\??\c:\jvddd.exec:\jvddd.exe94⤵PID:1096
-
\??\c:\djjvp.exec:\djjvp.exe95⤵PID:5560
-
\??\c:\lffrfxx.exec:\lffrfxx.exe96⤵PID:5484
-
\??\c:\7frlxxl.exec:\7frlxxl.exe97⤵PID:5460
-
\??\c:\btnhhh.exec:\btnhhh.exe98⤵PID:5312
-
\??\c:\3ppjd.exec:\3ppjd.exe99⤵PID:4052
-
\??\c:\djdvp.exec:\djdvp.exe100⤵PID:2488
-
\??\c:\rlfrlxr.exec:\rlfrlxr.exe101⤵PID:3108
-
\??\c:\rlfxfxl.exec:\rlfxfxl.exe102⤵PID:4372
-
\??\c:\bhtbnn.exec:\bhtbnn.exe103⤵PID:4596
-
\??\c:\7pvjv.exec:\7pvjv.exe104⤵PID:4132
-
\??\c:\vpdpp.exec:\vpdpp.exe105⤵PID:4916
-
\??\c:\5xlfxrl.exec:\5xlfxrl.exe106⤵PID:952
-
\??\c:\5ffxllx.exec:\5ffxllx.exe107⤵PID:972
-
\??\c:\nntnbb.exec:\nntnbb.exe108⤵PID:3448
-
\??\c:\3dvdv.exec:\3dvdv.exe109⤵PID:1192
-
\??\c:\tnbnbb.exec:\tnbnbb.exe110⤵PID:4736
-
\??\c:\1djvj.exec:\1djvj.exe111⤵PID:680
-
\??\c:\vvddj.exec:\vvddj.exe112⤵PID:3400
-
\??\c:\frxrxrr.exec:\frxrxrr.exe113⤵PID:2924
-
\??\c:\bhhbht.exec:\bhhbht.exe114⤵PID:2696
-
\??\c:\vvpjd.exec:\vvpjd.exe115⤵PID:924
-
\??\c:\5xfrlxx.exec:\5xfrlxx.exe116⤵PID:1004
-
\??\c:\xrrfrlf.exec:\xrrfrlf.exe117⤵PID:4344
-
\??\c:\bttnhh.exec:\bttnhh.exe118⤵PID:5136
-
\??\c:\vppvp.exec:\vppvp.exe119⤵PID:5064
-
\??\c:\rflfrlf.exec:\rflfrlf.exe120⤵PID:452
-
\??\c:\bnthbn.exec:\bnthbn.exe121⤵PID:1788
-
\??\c:\5nhbth.exec:\5nhbth.exe122⤵PID:2312
-