Analysis
-
max time kernel
150s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 12:51
Behavioral task
behavioral1
Sample
c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe
-
Size
339KB
-
MD5
c738084076be11dd9dabb3c6995fd400
-
SHA1
fb473779e73e2df7b2e10059a4faed7d02a47c49
-
SHA256
f90223599c68033e7923e726c144b175e279ebf548020cf9b0c5705b43c4ff55
-
SHA512
d0929365e892f06fb7c53d20de42f08f7b741e65caf0f3da6dbf5afe65afcda8c1ff392914239bb72086855c027b100e9c001214832ea507efdffda2f51435eb
-
SSDEEP
3072:9hOmTsF93UYfwC6GIoutz5yLpcgDE4JBHNgu5ex1B2OkEv0KvmhNin:9cm4FmowdHoS4BtguSPKyHn
Malware Config
Signatures
-
Detect Blackmoon payload 39 IoCs
resource yara_rule behavioral1/memory/2436-9-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2120-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2120-18-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2360-28-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2136-37-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2760-47-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2640-56-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2544-66-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2460-74-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2504-84-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2208-92-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3004-102-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2884-118-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2904-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1052-161-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2704-171-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2396-196-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/1748-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/784-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1016-248-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1976-257-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2440-260-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2056-284-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1560-305-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2660-344-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2504-375-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1936-388-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2848-401-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1808-432-0x00000000003A0000-0x00000000003C7000-memory.dmp family_blackmoon behavioral1/memory/1724-439-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1316-522-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1540-530-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/932-537-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2924-615-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2732-732-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1604-741-0x0000000000230000-0x0000000000257000-memory.dmp family_blackmoon behavioral1/memory/952-801-0x0000000000220000-0x0000000000247000-memory.dmp family_blackmoon behavioral1/memory/316-1015-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1696-1141-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2120 1dpdd.exe 2360 ppjvp.exe 2136 rlxfllr.exe 2760 7tntbh.exe 2640 xxlrxxf.exe 2544 hnbttn.exe 2460 jpjpp.exe 2504 fflllff.exe 2208 dvjdp.exe 3004 vvpdj.exe 2728 nbnhnn.exe 2884 vpjpd.exe 2904 ffxlrxf.exe 2996 bhbhtt.exe 1300 3pppd.exe 2320 fxflllx.exe 1052 7ppdp.exe 2704 xrlrlrr.exe 1288 hhhbnt.exe 2068 7dppd.exe 2396 bbbbnt.exe 1748 nntthb.exe 2244 xrrxlrx.exe 784 nnbtbn.exe 1104 7dpvd.exe 1540 5llxlrx.exe 1016 pdjpd.exe 1976 5fxlxlx.exe 2440 pjddd.exe 1384 vjddp.exe 2056 7tnbnt.exe 888 rrrflxl.exe 2588 hhtnhb.exe 2112 1pvvv.exe 1560 3pjvp.exe 2356 rlfrrxf.exe 2284 bthnbt.exe 2612 dddjp.exe 2764 3vdvv.exe 2660 rfxlxlf.exe 2760 9bhbbb.exe 2832 3dppv.exe 2672 vppjj.exe 2564 5fxfrrr.exe 2796 7bthht.exe 2504 hbntbb.exe 2208 jdjpv.exe 1936 rlxxlfl.exe 2844 5ntbhn.exe 2848 tbbtth.exe 1060 vpddp.exe 1856 3xrxfff.exe 1256 fxlllfl.exe 1808 htbhtt.exe 1724 pjvdj.exe 2732 dpjvd.exe 1440 rlfxffr.exe 772 tnbnbt.exe 808 pjvdj.exe 1156 jdjjj.exe 624 frllllr.exe 1476 nnbhnt.exe 2952 pdjjv.exe 264 vpdjv.exe -
resource yara_rule behavioral1/memory/2436-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2436-9-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2120-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000e00000001228a-10.dat upx behavioral1/files/0x0038000000014335-19.dat upx behavioral1/memory/2120-18-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000144c0-26.dat upx behavioral1/memory/2360-28-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2136-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2136-37-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000014531-38.dat upx behavioral1/memory/2760-39-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00070000000145be-46.dat upx behavioral1/memory/2760-47-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2640-48-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2640-56-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000014691-57.dat upx behavioral1/files/0x0008000000014723-64.dat upx behavioral1/memory/2544-66-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015686-75.dat upx behavioral1/memory/2460-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015693-82.dat upx behavioral1/memory/2504-84-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2208-92-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015b6e-93.dat upx behavioral1/files/0x0006000000015bf4-99.dat upx behavioral1/memory/3004-102-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015cb8-110.dat upx behavioral1/memory/2884-118-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/files/0x0006000000015cc7-117.dat upx behavioral1/files/0x0006000000015cdf-125.dat upx behavioral1/memory/2904-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015ce8-134.dat upx behavioral1/files/0x0006000000015cf0-144.dat upx behavioral1/files/0x0006000000015d08-150.dat upx behavioral1/files/0x0006000000015d12-162.dat upx behavioral1/memory/1052-161-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0038000000014349-169.dat upx behavioral1/memory/2704-171-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d24-178.dat upx behavioral1/files/0x0006000000015d3b-186.dat upx behavioral1/files/0x0006000000015d53-193.dat upx behavioral1/files/0x0006000000015d73-203.dat upx behavioral1/memory/1748-205-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d7b-214.dat upx behavioral1/files/0x0006000000015d83-221.dat upx behavioral1/memory/784-223-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d90-231.dat upx behavioral1/files/0x0006000000015d9f-240.dat upx behavioral1/files/0x0006000000015dca-249.dat upx behavioral1/memory/1016-248-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1976-257-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2440-260-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015e1d-259.dat upx behavioral1/files/0x0006000000015f73-267.dat upx behavioral1/files/0x0006000000015fef-276.dat upx behavioral1/memory/2056-284-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000600000001611e-285.dat upx behavioral1/memory/1560-305-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2764-330-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2660-344-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/memory/2504-375-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1936-388-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2848-401-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2436 wrote to memory of 2120 2436 c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe 28 PID 2436 wrote to memory of 2120 2436 c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe 28 PID 2436 wrote to memory of 2120 2436 c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe 28 PID 2436 wrote to memory of 2120 2436 c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe 28 PID 2120 wrote to memory of 2360 2120 1dpdd.exe 29 PID 2120 wrote to memory of 2360 2120 1dpdd.exe 29 PID 2120 wrote to memory of 2360 2120 1dpdd.exe 29 PID 2120 wrote to memory of 2360 2120 1dpdd.exe 29 PID 2360 wrote to memory of 2136 2360 ppjvp.exe 30 PID 2360 wrote to memory of 2136 2360 ppjvp.exe 30 PID 2360 wrote to memory of 2136 2360 ppjvp.exe 30 PID 2360 wrote to memory of 2136 2360 ppjvp.exe 30 PID 2136 wrote to memory of 2760 2136 rlxfllr.exe 31 PID 2136 wrote to memory of 2760 2136 rlxfllr.exe 31 PID 2136 wrote to memory of 2760 2136 rlxfllr.exe 31 PID 2136 wrote to memory of 2760 2136 rlxfllr.exe 31 PID 2760 wrote to memory of 2640 2760 7tntbh.exe 32 PID 2760 wrote to memory of 2640 2760 7tntbh.exe 32 PID 2760 wrote to memory of 2640 2760 7tntbh.exe 32 PID 2760 wrote to memory of 2640 2760 7tntbh.exe 32 PID 2640 wrote to memory of 2544 2640 xxlrxxf.exe 33 PID 2640 wrote to memory of 2544 2640 xxlrxxf.exe 33 PID 2640 wrote to memory of 2544 2640 xxlrxxf.exe 33 PID 2640 wrote to memory of 2544 2640 xxlrxxf.exe 33 PID 2544 wrote to memory of 2460 2544 hnbttn.exe 34 PID 2544 wrote to memory of 2460 2544 hnbttn.exe 34 PID 2544 wrote to memory of 2460 2544 hnbttn.exe 34 PID 2544 wrote to memory of 2460 2544 hnbttn.exe 34 PID 2460 wrote to memory of 2504 2460 jpjpp.exe 35 PID 2460 wrote to memory of 2504 2460 jpjpp.exe 35 PID 2460 wrote to memory of 2504 2460 jpjpp.exe 35 PID 2460 wrote to memory of 2504 2460 jpjpp.exe 35 PID 2504 wrote to memory of 2208 2504 fflllff.exe 36 PID 2504 wrote to memory of 2208 2504 fflllff.exe 36 PID 2504 wrote to memory of 
2208 2504 fflllff.exe 36 PID 2504 wrote to memory of 2208 2504 fflllff.exe 36 PID 2208 wrote to memory of 3004 2208 dvjdp.exe 37 PID 2208 wrote to memory of 3004 2208 dvjdp.exe 37 PID 2208 wrote to memory of 3004 2208 dvjdp.exe 37 PID 2208 wrote to memory of 3004 2208 dvjdp.exe 37 PID 3004 wrote to memory of 2728 3004 vvpdj.exe 38 PID 3004 wrote to memory of 2728 3004 vvpdj.exe 38 PID 3004 wrote to memory of 2728 3004 vvpdj.exe 38 PID 3004 wrote to memory of 2728 3004 vvpdj.exe 38 PID 2728 wrote to memory of 2884 2728 nbnhnn.exe 39 PID 2728 wrote to memory of 2884 2728 nbnhnn.exe 39 PID 2728 wrote to memory of 2884 2728 nbnhnn.exe 39 PID 2728 wrote to memory of 2884 2728 nbnhnn.exe 39 PID 2884 wrote to memory of 2904 2884 vpjpd.exe 40 PID 2884 wrote to memory of 2904 2884 vpjpd.exe 40 PID 2884 wrote to memory of 2904 2884 vpjpd.exe 40 PID 2884 wrote to memory of 2904 2884 vpjpd.exe 40 PID 2904 wrote to memory of 2996 2904 ffxlrxf.exe 41 PID 2904 wrote to memory of 2996 2904 ffxlrxf.exe 41 PID 2904 wrote to memory of 2996 2904 ffxlrxf.exe 41 PID 2904 wrote to memory of 2996 2904 ffxlrxf.exe 41 PID 2996 wrote to memory of 1300 2996 bhbhtt.exe 42 PID 2996 wrote to memory of 1300 2996 bhbhtt.exe 42 PID 2996 wrote to memory of 1300 2996 bhbhtt.exe 42 PID 2996 wrote to memory of 1300 2996 bhbhtt.exe 42 PID 1300 wrote to memory of 2320 1300 3pppd.exe 43 PID 1300 wrote to memory of 2320 1300 3pppd.exe 43 PID 1300 wrote to memory of 2320 1300 3pppd.exe 43 PID 1300 wrote to memory of 2320 1300 3pppd.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\c738084076be11dd9dabb3c6995fd400_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2436 -
\??\c:\1dpdd.exe c:\1dpdd.exe 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2120 -
\??\c:\ppjvp.exec:\ppjvp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\rlxfllr.exec:\rlxfllr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2136 -
\??\c:\7tntbh.exec:\7tntbh.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2760 -
\??\c:\xxlrxxf.exec:\xxlrxxf.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\hnbttn.exec:\hnbttn.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2544 -
\??\c:\jpjpp.exec:\jpjpp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\fflllff.exec:\fflllff.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2504 -
\??\c:\dvjdp.exec:\dvjdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2208 -
\??\c:\vvpdj.exec:\vvpdj.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3004 -
\??\c:\nbnhnn.exec:\nbnhnn.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\vpjpd.exec:\vpjpd.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2884 -
\??\c:\ffxlrxf.exec:\ffxlrxf.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2904 -
\??\c:\bhbhtt.exec:\bhbhtt.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\3pppd.exec:\3pppd.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1300 -
\??\c:\fxflllx.exec:\fxflllx.exe17⤵
- Executes dropped EXE
PID:2320 -
\??\c:\7ppdp.exec:\7ppdp.exe18⤵
- Executes dropped EXE
PID:1052 -
\??\c:\xrlrlrr.exec:\xrlrlrr.exe19⤵
- Executes dropped EXE
PID:2704 -
\??\c:\hhhbnt.exec:\hhhbnt.exe20⤵
- Executes dropped EXE
PID:1288 -
\??\c:\7dppd.exec:\7dppd.exe21⤵
- Executes dropped EXE
PID:2068 -
\??\c:\bbbbnt.exec:\bbbbnt.exe22⤵
- Executes dropped EXE
PID:2396 -
\??\c:\nntthb.exec:\nntthb.exe23⤵
- Executes dropped EXE
PID:1748 -
\??\c:\xrrxlrx.exec:\xrrxlrx.exe24⤵
- Executes dropped EXE
PID:2244 -
\??\c:\nnbtbn.exec:\nnbtbn.exe25⤵
- Executes dropped EXE
PID:784 -
\??\c:\7dpvd.exec:\7dpvd.exe26⤵
- Executes dropped EXE
PID:1104 -
\??\c:\5llxlrx.exec:\5llxlrx.exe27⤵
- Executes dropped EXE
PID:1540 -
\??\c:\pdjpd.exec:\pdjpd.exe28⤵
- Executes dropped EXE
PID:1016 -
\??\c:\5fxlxlx.exec:\5fxlxlx.exe29⤵
- Executes dropped EXE
PID:1976 -
\??\c:\pjddd.exec:\pjddd.exe30⤵
- Executes dropped EXE
PID:2440 -
\??\c:\vjddp.exec:\vjddp.exe31⤵
- Executes dropped EXE
PID:1384 -
\??\c:\7tnbnt.exec:\7tnbnt.exe32⤵
- Executes dropped EXE
PID:2056 -
\??\c:\rrrflxl.exec:\rrrflxl.exe33⤵
- Executes dropped EXE
PID:888 -
\??\c:\hhtnhb.exec:\hhtnhb.exe34⤵
- Executes dropped EXE
PID:2588 -
\??\c:\1pvvv.exec:\1pvvv.exe35⤵
- Executes dropped EXE
PID:2112 -
\??\c:\3pjvp.exec:\3pjvp.exe36⤵
- Executes dropped EXE
PID:1560 -
\??\c:\rlfrrxf.exec:\rlfrrxf.exe37⤵
- Executes dropped EXE
PID:2356 -
\??\c:\bthnbt.exec:\bthnbt.exe38⤵
- Executes dropped EXE
PID:2284 -
\??\c:\dddjp.exec:\dddjp.exe39⤵
- Executes dropped EXE
PID:2612 -
\??\c:\3vdvv.exec:\3vdvv.exe40⤵
- Executes dropped EXE
PID:2764 -
\??\c:\rfxlxlf.exec:\rfxlxlf.exe41⤵
- Executes dropped EXE
PID:2660 -
\??\c:\9bhbbb.exec:\9bhbbb.exe42⤵
- Executes dropped EXE
PID:2760 -
\??\c:\3dppv.exec:\3dppv.exe43⤵
- Executes dropped EXE
PID:2832 -
\??\c:\vppjj.exec:\vppjj.exe44⤵
- Executes dropped EXE
PID:2672 -
\??\c:\5fxfrrr.exec:\5fxfrrr.exe45⤵
- Executes dropped EXE
PID:2564 -
\??\c:\7bthht.exec:\7bthht.exe46⤵
- Executes dropped EXE
PID:2796 -
\??\c:\hbntbb.exec:\hbntbb.exe47⤵
- Executes dropped EXE
PID:2504 -
\??\c:\jdjpv.exec:\jdjpv.exe48⤵
- Executes dropped EXE
PID:2208 -
\??\c:\rlxxlfl.exec:\rlxxlfl.exe49⤵
- Executes dropped EXE
PID:1936 -
\??\c:\5ntbhn.exec:\5ntbhn.exe50⤵
- Executes dropped EXE
PID:2844 -
\??\c:\tbbtth.exec:\tbbtth.exe51⤵
- Executes dropped EXE
PID:2848 -
\??\c:\vpddp.exec:\vpddp.exe52⤵
- Executes dropped EXE
PID:1060 -
\??\c:\3xrxfff.exec:\3xrxfff.exe53⤵
- Executes dropped EXE
PID:1856 -
\??\c:\fxlllfl.exec:\fxlllfl.exe54⤵
- Executes dropped EXE
PID:1256 -
\??\c:\htbhtt.exec:\htbhtt.exe55⤵
- Executes dropped EXE
PID:1808 -
\??\c:\pjvdj.exec:\pjvdj.exe56⤵
- Executes dropped EXE
PID:1724 -
\??\c:\dpjvd.exec:\dpjvd.exe57⤵
- Executes dropped EXE
PID:2732 -
\??\c:\rlfxffr.exec:\rlfxffr.exe58⤵
- Executes dropped EXE
PID:1440 -
\??\c:\tnbnbt.exec:\tnbnbt.exe59⤵
- Executes dropped EXE
PID:772 -
\??\c:\pjvdj.exec:\pjvdj.exe60⤵
- Executes dropped EXE
PID:808 -
\??\c:\jdjjj.exec:\jdjjj.exe61⤵
- Executes dropped EXE
PID:1156 -
\??\c:\frllllr.exec:\frllllr.exe62⤵
- Executes dropped EXE
PID:624 -
\??\c:\nnbhnt.exec:\nnbhnt.exe63⤵
- Executes dropped EXE
PID:1476 -
\??\c:\pdjjv.exec:\pdjjv.exe64⤵
- Executes dropped EXE
PID:2952 -
\??\c:\vpdjv.exec:\vpdjv.exe65⤵
- Executes dropped EXE
PID:264 -
\??\c:\rlfxflf.exec:\rlfxflf.exe66⤵PID:2188
-
\??\c:\tnnhhh.exec:\tnnhhh.exe67⤵PID:1480
-
\??\c:\9hhbbt.exec:\9hhbbt.exe68⤵PID:1784
-
\??\c:\jvpjv.exec:\jvpjv.exe69⤵PID:1316
-
\??\c:\lxrlrrx.exec:\lxrlrrx.exe70⤵PID:1540
-
\??\c:\7lflrrr.exec:\7lflrrr.exe71⤵PID:1852
-
\??\c:\bntthb.exec:\bntthb.exe72⤵PID:932
-
\??\c:\9dvdj.exec:\9dvdj.exe73⤵PID:1772
-
\??\c:\xrxrrrr.exec:\xrxrrrr.exe74⤵PID:1788
-
\??\c:\fxllrrr.exec:\fxllrrr.exe75⤵PID:608
-
\??\c:\7tnbbh.exec:\7tnbbh.exe76⤵PID:2260
-
\??\c:\hbnbhh.exec:\hbnbhh.exe77⤵PID:1736
-
\??\c:\3pdvd.exec:\3pdvd.exe78⤵PID:2592
-
\??\c:\5dppp.exec:\5dppp.exe79⤵PID:1584
-
\??\c:\lffrxxl.exec:\lffrxxl.exe80⤵PID:1580
-
\??\c:\hbntbb.exec:\hbntbb.exe81⤵PID:2688
-
\??\c:\htnntb.exec:\htnntb.exe82⤵PID:2372
-
\??\c:\jdvvd.exec:\jdvvd.exe83⤵PID:2600
-
\??\c:\lflllrx.exec:\lflllrx.exe84⤵PID:2924
-
\??\c:\fxxxfff.exec:\fxxxfff.exe85⤵PID:2764
-
\??\c:\3bnhnh.exec:\3bnhnh.exe86⤵PID:2660
-
\??\c:\dpdjj.exec:\dpdjj.exe87⤵PID:2668
-
\??\c:\ddvjj.exec:\ddvjj.exe88⤵PID:2892
-
\??\c:\rrrfxxf.exec:\rrrfxxf.exe89⤵PID:2692
-
\??\c:\7lfflfl.exec:\7lfflfl.exe90⤵PID:2508
-
\??\c:\7nnthn.exec:\7nnthn.exe91⤵PID:2796
-
\??\c:\jdjpj.exec:\jdjpj.exe92⤵PID:3024
-
\??\c:\pjjjj.exec:\pjjjj.exe93⤵PID:2208
-
\??\c:\frxxrxx.exec:\frxxrxx.exe94⤵PID:2740
-
\??\c:\hbhntn.exec:\hbhntn.exe95⤵PID:2896
-
\??\c:\pjpvj.exec:\pjpvj.exe96⤵PID:2848
-
\??\c:\dpdvv.exec:\dpdvv.exe97⤵PID:2904
-
\??\c:\rlrrrrx.exec:\rlrrrrx.exe98⤵PID:1856
-
\??\c:\3fxfxxf.exec:\3fxfxxf.exe99⤵PID:880
-
\??\c:\nbnttn.exec:\nbnttn.exe100⤵PID:1924
-
\??\c:\jvppp.exec:\jvppp.exe101⤵PID:2320
-
\??\c:\dvjpd.exec:\dvjpd.exe102⤵PID:2732
-
\??\c:\lrxxrrr.exec:\lrxxrrr.exe103⤵PID:1280
-
\??\c:\tnbntn.exec:\tnbntn.exe104⤵PID:1604
-
\??\c:\vpvpd.exec:\vpvpd.exe105⤵PID:1744
-
\??\c:\pdjdp.exec:\pdjdp.exe106⤵PID:2068
-
\??\c:\1rrxxrf.exec:\1rrxxrf.exe107⤵PID:2396
-
\??\c:\rlxfrxf.exec:\rlxfrxf.exe108⤵PID:2296
-
\??\c:\bnnhhh.exec:\bnnhhh.exe109⤵PID:536
-
\??\c:\pjjjj.exec:\pjjjj.exe110⤵PID:668
-
\??\c:\dvjpd.exec:\dvjpd.exe111⤵PID:1312
-
\??\c:\3llfllr.exec:\3llfllr.exe112⤵PID:1480
-
\??\c:\rfrrlxl.exec:\rfrrlxl.exe113⤵PID:952
-
\??\c:\tnhtbh.exec:\tnhtbh.exe114⤵PID:2000
-
\??\c:\jddjj.exec:\jddjj.exe115⤵PID:1028
-
\??\c:\rxfflrf.exec:\rxfflrf.exe116⤵PID:1016
-
\??\c:\rlxlrxf.exec:\rlxlrxf.exe117⤵PID:1956
-
\??\c:\9thbtt.exec:\9thbtt.exe118⤵PID:2044
-
\??\c:\vjvvp.exec:\vjvvp.exe119⤵PID:2316
-
\??\c:\dpjdj.exec:\dpjdj.exe120⤵PID:1616
-
\??\c:\rxxrlll.exec:\rxxrlll.exe121⤵PID:3060
-
\??\c:\hbthhn.exec:\hbthhn.exe122⤵PID:1736
-