Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:00
Behavioral task
behavioral1
Sample
c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe
-
Size
61KB
-
MD5
c8acb8382a182af334c8e0c6a7743ce0
-
SHA1
4b38f70c379bca1e5cd8ee03f85e30a15ba9070b
-
SHA256
781f3b0fed668a05bf0b9b75b130fafb6c8355894240908890090cee5354ee0c
-
SHA512
b7ccb7ee8643264ef5421a76b7a1ba43bfaebd53f513aefa08c17a029bcb337ff179ea9c6ede29d21854a31f00be782e0848a7f516c9511cd248d450f2b94226
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+EMdpd:zhOmTsF93UYfwC6GIoutiTWMdpd
Malware Config
Signatures
-
Detect Blackmoon payload 38 IoCs
resource yara_rule behavioral1/memory/2044-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2328-10-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2564-24-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2600-32-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2732-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2148-43-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2508-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2608-65-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2548-74-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3056-88-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2364-91-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1968-113-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2460-126-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2448-135-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2004-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1440-158-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2116-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2116-191-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1444-201-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1060-214-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/3060-223-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral1/memory/2284-270-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/320-276-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/772-287-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2396-299-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2600-327-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2508-348-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1716-398-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1468-428-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2788-440-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/1836-515-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/328-526-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2576-597-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2792-953-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral1/memory/2940-6221-0x0000000076C70000-0x0000000076D6A000-memory.dmp family_blackmoon behavioral1/memory/2940-7035-0x0000000076C70000-0x0000000076D6A000-memory.dmp family_blackmoon behavioral1/memory/2940-8926-0x0000000076D70000-0x0000000076E8F000-memory.dmp family_blackmoon behavioral1/memory/2940-10013-0x0000000076D70000-0x0000000076E8F000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2328 hnhnnb.exe 2564 5btthh.exe 2600 llfxlxl.exe 2732 9nhntt.exe 2148 bbhhnb.exe 2508 pvvpv.exe 2608 jvddv.exe 2472 llfxrxl.exe 2548 hhbnbh.exe 3056 tnbbtb.exe 2364 pppjv.exe 1416 vdjpj.exe 1900 ffrfrfr.exe 1968 fxxlfrx.exe 2460 7bbbnn.exe 2448 pvdpj.exe 2708 jvdjv.exe 2004 5lxlrrx.exe 1440 xxrlrlx.exe 2796 tnnbbb.exe 1884 dvjpp.exe 2456 1jjjd.exe 2116 xxlxrlf.exe 268 fxfllrx.exe 1444 5bbtbh.exe 1060 9nbhnh.exe 3060 3dvpj.exe 2188 fxrfflr.exe 984 1bntht.exe 1680 tnhhtn.exe 1080 jjdpj.exe 1180 ddpdv.exe 3016 1xlxfrx.exe 2284 lfxfrrx.exe 320 btnbth.exe 2032 bthhtt.exe 772 3pvpj.exe 2948 jjdvd.exe 2396 3rlxxfl.exe 1584 fxrxlrx.exe 2380 tnhtbt.exe 1320 nbhntn.exe 2688 vppdv.exe 2600 nthhbb.exe 2772 hbnttt.exe 3064 vdpjj.exe 2744 dvpjp.exe 2508 frflrlx.exe 2468 xfllflr.exe 2544 3bbhbn.exe 2872 bbhbnh.exe 2180 dpdvv.exe 1924 vpppd.exe 1592 fxrrrfl.exe 952 7xfffxx.exe 956 nbhbbb.exe 1716 btbntt.exe 2704 pjjpv.exe 1636 ppvpv.exe 1912 xxllrfl.exe 1120 7btntt.exe 2708 7hbtbn.exe 1468 vpdjp.exe 2788 pjvjp.exe -
resource yara_rule behavioral1/memory/2044-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2044-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2328-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000c0000000155f7-8.dat upx behavioral1/files/0x0008000000015c6b-15.dat upx behavioral1/memory/2564-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000015c9f-23.dat upx behavioral1/memory/2564-24-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2600-32-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015cb6-31.dat upx behavioral1/memory/2732-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015cce-39.dat upx behavioral1/memory/2148-43-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000a000000015cee-48.dat upx behavioral1/memory/2508-49-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000a000000015cf6-55.dat upx behavioral1/memory/2508-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2608-65-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0009000000015d07-64.dat upx behavioral1/files/0x0007000000015d0f-72.dat upx behavioral1/memory/2548-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015d1a-80.dat upx behavioral1/memory/3056-88-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015d27-87.dat upx behavioral1/memory/2364-91-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d31-96.dat upx behavioral1/files/0x0006000000015d98-103.dat upx behavioral1/memory/1900-104-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015df1-111.dat upx behavioral1/memory/1968-113-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral1/files/0x0006000000015f01-119.dat upx behavioral1/memory/2460-126-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015f7a-127.dat upx behavioral1/memory/2448-135-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000160af-134.dat upx behavioral1/files/0x0006000000016176-142.dat upx behavioral1/files/0x0006000000016287-148.dat upx behavioral1/memory/1440-151-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2004-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016448-159.dat upx behavioral1/memory/1440-158-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2796-166-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/files/0x000600000001650c-167.dat upx behavioral1/files/0x00060000000165ae-174.dat upx behavioral1/memory/2456-181-0x00000000003C0000-0x00000000003E7000-memory.dmp upx behavioral1/files/0x00060000000167d5-183.dat upx behavioral1/memory/2116-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016a29-192.dat upx behavioral1/memory/2116-191-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016be2-199.dat upx behavioral1/memory/1444-201-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016bfb-207.dat upx behavioral1/memory/1060-214-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016c04-215.dat upx behavioral1/memory/3060-216-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/3060-223-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016c51-224.dat upx behavioral1/memory/2796-225-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/files/0x0006000000016c7c-232.dat upx behavioral1/files/0x0006000000016ca5-239.dat upx behavioral1/files/0x0006000000016cb6-246.dat upx 
behavioral1/files/0x0006000000016cbe-253.dat upx behavioral1/memory/2284-270-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/320-276-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2044 wrote to memory of 2328 2044 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 28 PID 2044 wrote to memory of 2328 2044 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 28 PID 2044 wrote to memory of 2328 2044 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 28 PID 2044 wrote to memory of 2328 2044 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 28 PID 2328 wrote to memory of 2564 2328 hnhnnb.exe 29 PID 2328 wrote to memory of 2564 2328 hnhnnb.exe 29 PID 2328 wrote to memory of 2564 2328 hnhnnb.exe 29 PID 2328 wrote to memory of 2564 2328 hnhnnb.exe 29 PID 2564 wrote to memory of 2600 2564 5btthh.exe 30 PID 2564 wrote to memory of 2600 2564 5btthh.exe 30 PID 2564 wrote to memory of 2600 2564 5btthh.exe 30 PID 2564 wrote to memory of 2600 2564 5btthh.exe 30 PID 2600 wrote to memory of 2732 2600 llfxlxl.exe 31 PID 2600 wrote to memory of 2732 2600 llfxlxl.exe 31 PID 2600 wrote to memory of 2732 2600 llfxlxl.exe 31 PID 2600 wrote to memory of 2732 2600 llfxlxl.exe 31 PID 2732 wrote to memory of 2148 2732 9nhntt.exe 32 PID 2732 wrote to memory of 2148 2732 9nhntt.exe 32 PID 2732 wrote to memory of 2148 2732 9nhntt.exe 32 PID 2732 wrote to memory of 2148 2732 9nhntt.exe 32 PID 2148 wrote to memory of 2508 2148 bbhhnb.exe 33 PID 2148 wrote to memory of 2508 2148 bbhhnb.exe 33 PID 2148 wrote to memory of 2508 2148 bbhhnb.exe 33 PID 2148 wrote to memory of 2508 2148 bbhhnb.exe 33 PID 2508 wrote to memory of 2608 2508 pvvpv.exe 34 PID 2508 wrote to memory of 2608 2508 pvvpv.exe 34 PID 2508 wrote to memory of 2608 2508 pvvpv.exe 34 PID 2508 wrote to memory of 2608 2508 pvvpv.exe 34 PID 2608 wrote to memory of 2472 2608 jvddv.exe 35 PID 2608 wrote to memory of 2472 2608 jvddv.exe 35 PID 2608 wrote to memory of 2472 2608 jvddv.exe 35 PID 2608 wrote to memory of 2472 2608 jvddv.exe 35 PID 2472 wrote to memory of 2548 2472 llfxrxl.exe 36 PID 2472 wrote to memory of 2548 2472 llfxrxl.exe 36 PID 2472 wrote to memory of 
2548 2472 llfxrxl.exe 36 PID 2472 wrote to memory of 2548 2472 llfxrxl.exe 36 PID 2548 wrote to memory of 3056 2548 hhbnbh.exe 37 PID 2548 wrote to memory of 3056 2548 hhbnbh.exe 37 PID 2548 wrote to memory of 3056 2548 hhbnbh.exe 37 PID 2548 wrote to memory of 3056 2548 hhbnbh.exe 37 PID 3056 wrote to memory of 2364 3056 tnbbtb.exe 38 PID 3056 wrote to memory of 2364 3056 tnbbtb.exe 38 PID 3056 wrote to memory of 2364 3056 tnbbtb.exe 38 PID 3056 wrote to memory of 2364 3056 tnbbtb.exe 38 PID 2364 wrote to memory of 1416 2364 pppjv.exe 39 PID 2364 wrote to memory of 1416 2364 pppjv.exe 39 PID 2364 wrote to memory of 1416 2364 pppjv.exe 39 PID 2364 wrote to memory of 1416 2364 pppjv.exe 39 PID 1416 wrote to memory of 1900 1416 vdjpj.exe 40 PID 1416 wrote to memory of 1900 1416 vdjpj.exe 40 PID 1416 wrote to memory of 1900 1416 vdjpj.exe 40 PID 1416 wrote to memory of 1900 1416 vdjpj.exe 40 PID 1900 wrote to memory of 1968 1900 ffrfrfr.exe 41 PID 1900 wrote to memory of 1968 1900 ffrfrfr.exe 41 PID 1900 wrote to memory of 1968 1900 ffrfrfr.exe 41 PID 1900 wrote to memory of 1968 1900 ffrfrfr.exe 41 PID 1968 wrote to memory of 2460 1968 fxxlfrx.exe 42 PID 1968 wrote to memory of 2460 1968 fxxlfrx.exe 42 PID 1968 wrote to memory of 2460 1968 fxxlfrx.exe 42 PID 1968 wrote to memory of 2460 1968 fxxlfrx.exe 42 PID 2460 wrote to memory of 2448 2460 7bbbnn.exe 43 PID 2460 wrote to memory of 2448 2460 7bbbnn.exe 43 PID 2460 wrote to memory of 2448 2460 7bbbnn.exe 43 PID 2460 wrote to memory of 2448 2460 7bbbnn.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2044 -
\??\c:\hnhnnb.exec:\hnhnnb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2328 -
\??\c:\5btthh.exec:\5btthh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2564 -
\??\c:\llfxlxl.exec:\llfxlxl.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600 -
\??\c:\9nhntt.exec:\9nhntt.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\bbhhnb.exec:\bbhhnb.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2148 -
\??\c:\pvvpv.exec:\pvvpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\jvddv.exec:\jvddv.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2608 -
\??\c:\llfxrxl.exec:\llfxrxl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2472 -
\??\c:\hhbnbh.exec:\hhbnbh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\tnbbtb.exec:\tnbbtb.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3056 -
\??\c:\pppjv.exec:\pppjv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\vdjpj.exec:\vdjpj.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1416 -
\??\c:\ffrfrfr.exec:\ffrfrfr.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1900 -
\??\c:\fxxlfrx.exec:\fxxlfrx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1968 -
\??\c:\7bbbnn.exec:\7bbbnn.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\pvdpj.exec:\pvdpj.exe17⤵
- Executes dropped EXE
PID:2448 -
\??\c:\jvdjv.exec:\jvdjv.exe18⤵
- Executes dropped EXE
PID:2708 -
\??\c:\5lxlrrx.exec:\5lxlrrx.exe19⤵
- Executes dropped EXE
PID:2004 -
\??\c:\xxrlrlx.exec:\xxrlrlx.exe20⤵
- Executes dropped EXE
PID:1440 -
\??\c:\tnnbbb.exec:\tnnbbb.exe21⤵
- Executes dropped EXE
PID:2796 -
\??\c:\dvjpp.exec:\dvjpp.exe22⤵
- Executes dropped EXE
PID:1884 -
\??\c:\1jjjd.exec:\1jjjd.exe23⤵
- Executes dropped EXE
PID:2456 -
\??\c:\xxlxrlf.exec:\xxlxrlf.exe24⤵
- Executes dropped EXE
PID:2116 -
\??\c:\fxfllrx.exec:\fxfllrx.exe25⤵
- Executes dropped EXE
PID:268 -
\??\c:\5bbtbh.exec:\5bbtbh.exe26⤵
- Executes dropped EXE
PID:1444 -
\??\c:\9nbhnh.exec:\9nbhnh.exe27⤵
- Executes dropped EXE
PID:1060 -
\??\c:\3dvpj.exec:\3dvpj.exe28⤵
- Executes dropped EXE
PID:3060 -
\??\c:\fxrfflr.exec:\fxrfflr.exe29⤵
- Executes dropped EXE
PID:2188 -
\??\c:\1bntht.exec:\1bntht.exe30⤵
- Executes dropped EXE
PID:984 -
\??\c:\tnhhtn.exec:\tnhhtn.exe31⤵
- Executes dropped EXE
PID:1680 -
\??\c:\jjdpj.exec:\jjdpj.exe32⤵
- Executes dropped EXE
PID:1080 -
\??\c:\ddpdv.exec:\ddpdv.exe33⤵
- Executes dropped EXE
PID:1180 -
\??\c:\1xlxfrx.exec:\1xlxfrx.exe34⤵
- Executes dropped EXE
PID:3016 -
\??\c:\lfxfrrx.exec:\lfxfrrx.exe35⤵
- Executes dropped EXE
PID:2284 -
\??\c:\btnbth.exec:\btnbth.exe36⤵
- Executes dropped EXE
PID:320 -
\??\c:\bthhtt.exec:\bthhtt.exe37⤵
- Executes dropped EXE
PID:2032 -
\??\c:\3pvpj.exec:\3pvpj.exe38⤵
- Executes dropped EXE
PID:772 -
\??\c:\jjdvd.exec:\jjdvd.exe39⤵
- Executes dropped EXE
PID:2948 -
\??\c:\3rlxxfl.exec:\3rlxxfl.exe40⤵
- Executes dropped EXE
PID:2396 -
\??\c:\fxrxlrx.exec:\fxrxlrx.exe41⤵
- Executes dropped EXE
PID:1584 -
\??\c:\tnhtbt.exec:\tnhtbt.exe42⤵
- Executes dropped EXE
PID:2380 -
\??\c:\nbhntn.exec:\nbhntn.exe43⤵
- Executes dropped EXE
PID:1320 -
\??\c:\vppdv.exec:\vppdv.exe44⤵
- Executes dropped EXE
PID:2688 -
\??\c:\nthhbb.exec:\nthhbb.exe45⤵
- Executes dropped EXE
PID:2600 -
\??\c:\hbnttt.exec:\hbnttt.exe46⤵
- Executes dropped EXE
PID:2772 -
\??\c:\vdpjj.exec:\vdpjj.exe47⤵
- Executes dropped EXE
PID:3064 -
\??\c:\dvpjp.exec:\dvpjp.exe48⤵
- Executes dropped EXE
PID:2744 -
\??\c:\frflrlx.exec:\frflrlx.exe49⤵
- Executes dropped EXE
PID:2508 -
\??\c:\xfllflr.exec:\xfllflr.exe50⤵
- Executes dropped EXE
PID:2468 -
\??\c:\3bbhbn.exec:\3bbhbn.exe51⤵
- Executes dropped EXE
PID:2544 -
\??\c:\bbhbnh.exec:\bbhbnh.exe52⤵
- Executes dropped EXE
PID:2872 -
\??\c:\dpdvv.exec:\dpdvv.exe53⤵
- Executes dropped EXE
PID:2180 -
\??\c:\vpppd.exec:\vpppd.exe54⤵
- Executes dropped EXE
PID:1924 -
\??\c:\fxrrrfl.exec:\fxrrrfl.exe55⤵
- Executes dropped EXE
PID:1592 -
\??\c:\7xfffxx.exec:\7xfffxx.exe56⤵
- Executes dropped EXE
PID:952 -
\??\c:\nbhbbb.exec:\nbhbbb.exe57⤵
- Executes dropped EXE
PID:956 -
\??\c:\btbntt.exec:\btbntt.exe58⤵
- Executes dropped EXE
PID:1716 -
\??\c:\pjjpv.exec:\pjjpv.exe59⤵
- Executes dropped EXE
PID:2704 -
\??\c:\ppvpv.exec:\ppvpv.exe60⤵
- Executes dropped EXE
PID:1636 -
\??\c:\xxllrfl.exec:\xxllrfl.exe61⤵
- Executes dropped EXE
PID:1912 -
\??\c:\7btntt.exec:\7btntt.exe62⤵
- Executes dropped EXE
PID:1120 -
\??\c:\7hbtbn.exec:\7hbtbn.exe63⤵
- Executes dropped EXE
PID:2708 -
\??\c:\vpdjp.exec:\vpdjp.exe64⤵
- Executes dropped EXE
PID:1468 -
\??\c:\pjvjp.exec:\pjvjp.exe65⤵
- Executes dropped EXE
PID:2788 -
\??\c:\rfxrxll.exec:\rfxrxll.exe66⤵PID:2016
-
\??\c:\nhtthh.exec:\nhtthh.exe67⤵PID:2052
-
\??\c:\9btttt.exec:\9btttt.exe68⤵PID:2696
-
\??\c:\ddpvd.exec:\ddpvd.exe69⤵PID:324
-
\??\c:\pdjdd.exec:\pdjdd.exe70⤵PID:2024
-
\??\c:\xlrxfxx.exec:\xlrxfxx.exe71⤵PID:1244
-
\??\c:\fxlfllx.exec:\fxlfllx.exe72⤵PID:1520
-
\??\c:\1nnnhn.exec:\1nnnhn.exe73⤵PID:556
-
\??\c:\ddpvd.exec:\ddpvd.exe74⤵PID:2440
-
\??\c:\dpdjj.exec:\dpdjj.exe75⤵PID:1256
-
\??\c:\7xlfflx.exec:\7xlfflx.exe76⤵PID:1528
-
\??\c:\1rflxff.exec:\1rflxff.exe77⤵PID:1964
-
\??\c:\7htntt.exec:\7htntt.exe78⤵PID:1568
-
\??\c:\hnbttn.exec:\hnbttn.exe79⤵PID:1428
-
\??\c:\5vppp.exec:\5vppp.exe80⤵PID:1836
-
\??\c:\1pjjj.exec:\1pjjj.exe81⤵PID:376
-
\??\c:\lxrxffl.exec:\lxrxffl.exe82⤵PID:328
-
\??\c:\fxrxfxx.exec:\fxrxfxx.exe83⤵PID:1788
-
\??\c:\hnnbbn.exec:\hnnbbn.exe84⤵PID:3008
-
\??\c:\ppjdv.exec:\ppjdv.exe85⤵PID:1064
-
\??\c:\jdpdv.exec:\jdpdv.exe86⤵PID:892
-
\??\c:\rffrxxl.exec:\rffrxxl.exe87⤵PID:3020
-
\??\c:\9lffxxl.exec:\9lffxxl.exe88⤵PID:1996
-
\??\c:\nbntbb.exec:\nbntbb.exe89⤵PID:2344
-
\??\c:\nnhbnt.exec:\nnhbnt.exe90⤵PID:1844
-
\??\c:\jpvjv.exec:\jpvjv.exe91⤵PID:1612
-
\??\c:\dvdvp.exec:\dvdvp.exe92⤵PID:2388
-
\??\c:\frfrlrr.exec:\frfrlrr.exe93⤵PID:2672
-
\??\c:\9frxrlx.exec:\9frxrlx.exe94⤵PID:2576
-
\??\c:\btbhnn.exec:\btbhnn.exe95⤵PID:2892
-
\??\c:\1jvpv.exec:\1jvpv.exe96⤵PID:2736
-
\??\c:\7dpvd.exec:\7dpvd.exe97⤵PID:2588
-
\??\c:\5jvjj.exec:\5jvjj.exe98⤵PID:2572
-
\??\c:\rrxrxrx.exec:\rrxrxrx.exe99⤵PID:2512
-
\??\c:\tbbttn.exec:\tbbttn.exe100⤵PID:2608
-
\??\c:\9thhnt.exec:\9thhnt.exe101⤵PID:2476
-
\??\c:\vpddd.exec:\vpddd.exe102⤵PID:2176
-
\??\c:\9dpvj.exec:\9dpvj.exe103⤵PID:3000
-
\??\c:\fffrxfl.exec:\fffrxfl.exe104⤵PID:2180
-
\??\c:\9rfrflx.exec:\9rfrflx.exe105⤵PID:2156
-
\??\c:\rrlxllf.exec:\rrlxllf.exe106⤵PID:2356
-
\??\c:\hbbtbb.exec:\hbbtbb.exe107⤵PID:1944
-
\??\c:\tnhtbb.exec:\tnhtbb.exe108⤵PID:1904
-
\??\c:\1dvjv.exec:\1dvjv.exe109⤵PID:1700
-
\??\c:\9pjpv.exec:\9pjpv.exe110⤵PID:1928
-
\??\c:\3lxrflr.exec:\3lxrflr.exe111⤵PID:2792
-
\??\c:\9xrrlrf.exec:\9xrrlrf.exe112⤵PID:2656
-
\??\c:\fxffxxf.exec:\fxffxxf.exe113⤵PID:1544
-
\??\c:\1ttnbn.exec:\1ttnbn.exe114⤵PID:1324
-
\??\c:\nhnhnt.exec:\nhnhnt.exe115⤵PID:1932
-
\??\c:\jdpdj.exec:\jdpdj.exe116⤵PID:2864
-
\??\c:\jddjd.exec:\jddjd.exe117⤵PID:2828
-
\??\c:\5rlrffl.exec:\5rlrffl.exe118⤵PID:2064
-
\??\c:\9fxlxrf.exec:\9fxlxrf.exe119⤵PID:2052
-
\??\c:\9ntbhh.exec:\9ntbhh.exe120⤵PID:2916
-
\??\c:\pdjjd.exec:\pdjjd.exe121⤵PID:2920
-
\??\c:\5pvjj.exec:\5pvjj.exe122⤵PID:600
-