Analysis
-
max time kernel
150s -
max time network
126s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240508-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:00
Behavioral task
behavioral1
Sample
c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe
-
Size
61KB
-
MD5
c8acb8382a182af334c8e0c6a7743ce0
-
SHA1
4b38f70c379bca1e5cd8ee03f85e30a15ba9070b
-
SHA256
781f3b0fed668a05bf0b9b75b130fafb6c8355894240908890090cee5354ee0c
-
SHA512
b7ccb7ee8643264ef5421a76b7a1ba43bfaebd53f513aefa08c17a029bcb337ff179ea9c6ede29d21854a31f00be782e0848a7f516c9511cd248d450f2b94226
-
SSDEEP
1536:zvQBeOGtrYS3srx93UBWfwC6Ggnouy8iT4+EMdpd:zhOmTsF93UYfwC6GIoutiTWMdpd
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/4744-7-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/448-16-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1404-15-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1436-20-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5092-26-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3724-28-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1112-33-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4440-42-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/704-38-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3152-51-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/972-57-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3180-59-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2708-71-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2700-75-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4224-80-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4072-85-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1616-95-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3920-101-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1968-103-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3764-112-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3028-117-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4764-123-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4952-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2360-150-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4412-155-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1404-159-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5036-163-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4012-167-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1740-172-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/924-177-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3696-186-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1692-189-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1020-201-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3160-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/384-208-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4836-211-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2740-214-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/324-231-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2880-238-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1732-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3008-247-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1028-251-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4772-256-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5092-258-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2884-262-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2376-275-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4636-278-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1480-285-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2428-306-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/324-323-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2468-346-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2996-363-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3160-374-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3892-387-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/552-426-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1460-458-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1708-498-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4408-538-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4408-540-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4972-543-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/412-624-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3572-745-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1596-750-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/2376-886-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1404 7jpjd.exe 448 rfllfxx.exe 1436 lfxxrxr.exe 5092 ttthht.exe 3724 vppjd.exe 1112 lrxrlxr.exe 704 rlxxffr.exe 4440 thntbb.exe 3152 dvppp.exe 972 9ppjd.exe 3180 fflflll.exe 2028 bbbttn.exe 2708 5bhhhh.exe 2700 3jpjd.exe 4224 dpvpj.exe 4072 xlfxxrx.exe 2228 httttt.exe 1616 1jjdd.exe 3920 pvvpj.exe 1968 lfxxrrr.exe 1888 bnbnhh.exe 3764 bhtttt.exe 3028 pvddv.exe 4764 9jvpv.exe 4952 rlfxrrr.exe 5016 rflfxfx.exe 4900 tbthnb.exe 4872 htnnhh.exe 4652 pddvp.exe 2360 rrxrfff.exe 4412 ffllfff.exe 1404 flxxrrr.exe 2788 thtnnt.exe 5036 ddvvp.exe 4012 jjvjp.exe 764 rrlfxxx.exe 1740 tnbtnt.exe 704 dvvvj.exe 924 pvvpj.exe 4304 xrlxlxx.exe 4636 hnnhtt.exe 2340 htbhbt.exe 3696 1pjjj.exe 1692 7jvvp.exe 1776 flrlxxx.exe 3168 nhbbbb.exe 2212 jdddd.exe 2700 vdddp.exe 4436 fxfxrxf.exe 1020 lfrxfff.exe 3160 hntttb.exe 384 nhhnnt.exe 4836 dpvdd.exe 2740 rrlrllf.exe 3836 9lfffll.exe 4680 bbbnhh.exe 3892 1nnnhh.exe 3432 jpjdv.exe 3720 5pppj.exe 3292 lfrlllf.exe 3028 bttttn.exe 324 vjvvv.exe 2600 frrlffx.exe 4912 3rlfxrl.exe -
resource yara_rule behavioral2/memory/4744-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00090000000235db-3.dat upx behavioral2/memory/4744-7-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1404-4-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235e2-13.dat upx behavioral2/memory/448-16-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1404-15-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00080000000235de-10.dat upx behavioral2/memory/1436-20-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235e3-19.dat upx behavioral2/files/0x00070000000235e5-24.dat upx behavioral2/memory/5092-26-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3724-28-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235e6-31.dat upx behavioral2/memory/1112-33-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235e7-35.dat upx behavioral2/files/0x00070000000235e8-41.dat upx behavioral2/memory/4440-42-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235e9-45.dat upx behavioral2/memory/3152-47-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/704-38-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235ea-50.dat upx behavioral2/memory/3152-51-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/972-57-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235eb-56.dat upx behavioral2/memory/3180-59-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235ec-61.dat upx behavioral2/files/0x00070000000235ed-65.dat upx behavioral2/files/0x00070000000235ee-69.dat upx behavioral2/memory/2708-71-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2700-75-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235ef-74.dat upx behavioral2/files/0x00070000000235f0-79.dat upx behavioral2/memory/4224-80-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f1-84.dat upx behavioral2/memory/4072-85-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f2-89.dat upx behavioral2/memory/1616-91-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1616-95-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f3-94.dat upx behavioral2/files/0x00070000000235f4-99.dat upx behavioral2/memory/3920-101-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1968-103-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f5-105.dat upx behavioral2/files/0x00070000000235f6-109.dat upx behavioral2/memory/3764-112-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f7-114.dat upx behavioral2/memory/3028-117-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235f8-120.dat upx behavioral2/files/0x00070000000235f9-124.dat upx behavioral2/memory/4764-123-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4952-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x00070000000235fa-129.dat upx behavioral2/files/0x00070000000235fb-133.dat upx behavioral2/files/0x00070000000235fc-137.dat upx behavioral2/files/0x00070000000235fd-141.dat upx behavioral2/files/0x00070000000235fe-146.dat upx behavioral2/files/0x00070000000235ff-151.dat upx behavioral2/memory/2360-150-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4412-155-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023600-156.dat upx 
behavioral2/memory/1404-159-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/5036-163-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4012-167-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4744 wrote to memory of 1404 4744 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 92 PID 4744 wrote to memory of 1404 4744 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 92 PID 4744 wrote to memory of 1404 4744 c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe 92 PID 1404 wrote to memory of 448 1404 7jpjd.exe 93 PID 1404 wrote to memory of 448 1404 7jpjd.exe 93 PID 1404 wrote to memory of 448 1404 7jpjd.exe 93 PID 448 wrote to memory of 1436 448 rfllfxx.exe 94 PID 448 wrote to memory of 1436 448 rfllfxx.exe 94 PID 448 wrote to memory of 1436 448 rfllfxx.exe 94 PID 1436 wrote to memory of 5092 1436 lfxxrxr.exe 95 PID 1436 wrote to memory of 5092 1436 lfxxrxr.exe 95 PID 1436 wrote to memory of 5092 1436 lfxxrxr.exe 95 PID 5092 wrote to memory of 3724 5092 ttthht.exe 96 PID 5092 wrote to memory of 3724 5092 ttthht.exe 96 PID 5092 wrote to memory of 3724 5092 ttthht.exe 96 PID 3724 wrote to memory of 1112 3724 vppjd.exe 97 PID 3724 wrote to memory of 1112 3724 vppjd.exe 97 PID 3724 wrote to memory of 1112 3724 vppjd.exe 97 PID 1112 wrote to memory of 704 1112 lrxrlxr.exe 98 PID 1112 wrote to memory of 704 1112 lrxrlxr.exe 98 PID 1112 wrote to memory of 704 1112 lrxrlxr.exe 98 PID 704 wrote to memory of 4440 704 rlxxffr.exe 99 PID 704 wrote to memory of 4440 704 rlxxffr.exe 99 PID 704 wrote to memory of 4440 704 rlxxffr.exe 99 PID 4440 wrote to memory of 3152 4440 thntbb.exe 100 PID 4440 wrote to memory of 3152 4440 thntbb.exe 100 PID 4440 wrote to memory of 3152 4440 thntbb.exe 100 PID 3152 wrote to memory of 972 3152 dvppp.exe 101 PID 3152 wrote to memory of 972 3152 dvppp.exe 101 PID 3152 wrote to memory of 972 3152 dvppp.exe 101 PID 972 wrote to memory of 3180 972 9ppjd.exe 103 PID 972 wrote to memory of 3180 972 9ppjd.exe 103 PID 972 wrote to memory of 3180 972 9ppjd.exe 103 PID 3180 wrote to memory of 2028 3180 fflflll.exe 104 PID 3180 wrote to memory of 2028 3180 fflflll.exe 104 PID 3180 wrote to memory of 2028 
3180 fflflll.exe 104 PID 2028 wrote to memory of 2708 2028 bbbttn.exe 105 PID 2028 wrote to memory of 2708 2028 bbbttn.exe 105 PID 2028 wrote to memory of 2708 2028 bbbttn.exe 105 PID 2708 wrote to memory of 2700 2708 5bhhhh.exe 106 PID 2708 wrote to memory of 2700 2708 5bhhhh.exe 106 PID 2708 wrote to memory of 2700 2708 5bhhhh.exe 106 PID 2700 wrote to memory of 4224 2700 3jpjd.exe 107 PID 2700 wrote to memory of 4224 2700 3jpjd.exe 107 PID 2700 wrote to memory of 4224 2700 3jpjd.exe 107 PID 4224 wrote to memory of 4072 4224 dpvpj.exe 108 PID 4224 wrote to memory of 4072 4224 dpvpj.exe 108 PID 4224 wrote to memory of 4072 4224 dpvpj.exe 108 PID 4072 wrote to memory of 2228 4072 xlfxxrx.exe 109 PID 4072 wrote to memory of 2228 4072 xlfxxrx.exe 109 PID 4072 wrote to memory of 2228 4072 xlfxxrx.exe 109 PID 2228 wrote to memory of 1616 2228 httttt.exe 110 PID 2228 wrote to memory of 1616 2228 httttt.exe 110 PID 2228 wrote to memory of 1616 2228 httttt.exe 110 PID 1616 wrote to memory of 3920 1616 1jjdd.exe 111 PID 1616 wrote to memory of 3920 1616 1jjdd.exe 111 PID 1616 wrote to memory of 3920 1616 1jjdd.exe 111 PID 3920 wrote to memory of 1968 3920 pvvpj.exe 113 PID 3920 wrote to memory of 1968 3920 pvvpj.exe 113 PID 3920 wrote to memory of 1968 3920 pvvpj.exe 113 PID 1968 wrote to memory of 1888 1968 lfxxrrr.exe 114 PID 1968 wrote to memory of 1888 1968 lfxxrrr.exe 114 PID 1968 wrote to memory of 1888 1968 lfxxrrr.exe 114 PID 1888 wrote to memory of 3764 1888 bnbnhh.exe 115
Processes
-
C:\Users\Admin\AppData\Local\Temp\c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\c8acb8382a182af334c8e0c6a7743ce0_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4744 -
\??\c:\7jpjd.exec:\7jpjd.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1404 -
\??\c:\rfllfxx.exec:\rfllfxx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:448 -
\??\c:\lfxxrxr.exec:\lfxxrxr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1436 -
\??\c:\ttthht.exec:\ttthht.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5092 -
\??\c:\vppjd.exec:\vppjd.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3724 -
\??\c:\lrxrlxr.exec:\lrxrlxr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1112 -
\??\c:\rlxxffr.exec:\rlxxffr.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:704 -
\??\c:\thntbb.exec:\thntbb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4440 -
\??\c:\dvppp.exec:\dvppp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3152 -
\??\c:\9ppjd.exec:\9ppjd.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:972 -
\??\c:\fflflll.exec:\fflflll.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3180 -
\??\c:\bbbttn.exec:\bbbttn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2028 -
\??\c:\5bhhhh.exec:\5bhhhh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2708 -
\??\c:\3jpjd.exec:\3jpjd.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\dpvpj.exec:\dpvpj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4224 -
\??\c:\xlfxxrx.exec:\xlfxxrx.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4072 -
\??\c:\httttt.exec:\httttt.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\1jjdd.exec:\1jjdd.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1616 -
\??\c:\pvvpj.exec:\pvvpj.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3920 -
\??\c:\lfxxrrr.exec:\lfxxrrr.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1968 -
\??\c:\bnbnhh.exec:\bnbnhh.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\bhtttt.exec:\bhtttt.exe23⤵
- Executes dropped EXE
PID:3764 -
\??\c:\pvddv.exec:\pvddv.exe24⤵
- Executes dropped EXE
PID:3028 -
\??\c:\9jvpv.exec:\9jvpv.exe25⤵
- Executes dropped EXE
PID:4764 -
\??\c:\rlfxrrr.exec:\rlfxrrr.exe26⤵
- Executes dropped EXE
PID:4952 -
\??\c:\rflfxfx.exec:\rflfxfx.exe27⤵
- Executes dropped EXE
PID:5016 -
\??\c:\tbthnb.exec:\tbthnb.exe28⤵
- Executes dropped EXE
PID:4900 -
\??\c:\htnnhh.exec:\htnnhh.exe29⤵
- Executes dropped EXE
PID:4872 -
\??\c:\pddvp.exec:\pddvp.exe30⤵
- Executes dropped EXE
PID:4652 -
\??\c:\rrxrfff.exec:\rrxrfff.exe31⤵
- Executes dropped EXE
PID:2360 -
\??\c:\ffllfff.exec:\ffllfff.exe32⤵
- Executes dropped EXE
PID:4412 -
\??\c:\flxxrrr.exec:\flxxrrr.exe33⤵
- Executes dropped EXE
PID:1404 -
\??\c:\thtnnt.exec:\thtnnt.exe34⤵
- Executes dropped EXE
PID:2788 -
\??\c:\ddvvp.exec:\ddvvp.exe35⤵
- Executes dropped EXE
PID:5036 -
\??\c:\jjvjp.exec:\jjvjp.exe36⤵
- Executes dropped EXE
PID:4012 -
\??\c:\rrlfxxx.exec:\rrlfxxx.exe37⤵
- Executes dropped EXE
PID:764 -
\??\c:\tnbtnt.exec:\tnbtnt.exe38⤵
- Executes dropped EXE
PID:1740 -
\??\c:\dvvvj.exec:\dvvvj.exe39⤵
- Executes dropped EXE
PID:704 -
\??\c:\pvvpj.exec:\pvvpj.exe40⤵
- Executes dropped EXE
PID:924 -
\??\c:\xrlxlxx.exec:\xrlxlxx.exe41⤵
- Executes dropped EXE
PID:4304 -
\??\c:\hnnhtt.exec:\hnnhtt.exe42⤵
- Executes dropped EXE
PID:4636 -
\??\c:\htbhbt.exec:\htbhbt.exe43⤵
- Executes dropped EXE
PID:2340 -
\??\c:\1pjjj.exec:\1pjjj.exe44⤵
- Executes dropped EXE
PID:3696 -
\??\c:\7jvvp.exec:\7jvvp.exe45⤵
- Executes dropped EXE
PID:1692 -
\??\c:\flrlxxx.exec:\flrlxxx.exe46⤵
- Executes dropped EXE
PID:1776 -
\??\c:\nhbbbb.exec:\nhbbbb.exe47⤵
- Executes dropped EXE
PID:3168 -
\??\c:\jdddd.exec:\jdddd.exe48⤵
- Executes dropped EXE
PID:2212 -
\??\c:\vdddp.exec:\vdddp.exe49⤵
- Executes dropped EXE
PID:2700 -
\??\c:\fxfxrxf.exec:\fxfxrxf.exe50⤵
- Executes dropped EXE
PID:4436 -
\??\c:\lfrxfff.exec:\lfrxfff.exe51⤵
- Executes dropped EXE
PID:1020 -
\??\c:\hntttb.exec:\hntttb.exe52⤵
- Executes dropped EXE
PID:3160 -
\??\c:\nhhnnt.exec:\nhhnnt.exe53⤵
- Executes dropped EXE
PID:384 -
\??\c:\dpvdd.exec:\dpvdd.exe54⤵
- Executes dropped EXE
PID:4836 -
\??\c:\rrlrllf.exec:\rrlrllf.exe55⤵
- Executes dropped EXE
PID:2740 -
\??\c:\9lfffll.exec:\9lfffll.exe56⤵
- Executes dropped EXE
PID:3836 -
\??\c:\bbbnhh.exec:\bbbnhh.exe57⤵
- Executes dropped EXE
PID:4680 -
\??\c:\1nnnhh.exec:\1nnnhh.exe58⤵
- Executes dropped EXE
PID:3892 -
\??\c:\jpjdv.exec:\jpjdv.exe59⤵
- Executes dropped EXE
PID:3432 -
\??\c:\5pppj.exec:\5pppj.exe60⤵
- Executes dropped EXE
PID:3720 -
\??\c:\lfrlllf.exec:\lfrlllf.exe61⤵
- Executes dropped EXE
PID:3292 -
\??\c:\bttttn.exec:\bttttn.exe62⤵
- Executes dropped EXE
PID:3028 -
\??\c:\vjvvv.exec:\vjvvv.exe63⤵
- Executes dropped EXE
PID:324 -
\??\c:\frrlffx.exec:\frrlffx.exe64⤵
- Executes dropped EXE
PID:2600 -
\??\c:\3rlfxrl.exec:\3rlfxrl.exe65⤵
- Executes dropped EXE
PID:4912 -
\??\c:\tnhtnn.exec:\tnhtnn.exe66⤵PID:2880
-
\??\c:\hnnnnn.exec:\hnnnnn.exe67⤵PID:1892
-
\??\c:\vjdvp.exec:\vjdvp.exe68⤵PID:1732
-
\??\c:\xrrlrlr.exec:\xrrlrlr.exe69⤵PID:4160
-
\??\c:\xlrllrl.exec:\xlrllrl.exe70⤵PID:2384
-
\??\c:\nbhhbb.exec:\nbhhbb.exe71⤵PID:3008
-
\??\c:\5nnnnn.exec:\5nnnnn.exe72⤵PID:1028
-
\??\c:\jddjp.exec:\jddjp.exe73⤵PID:4768
-
\??\c:\ddpjd.exec:\ddpjd.exe74⤵PID:4772
-
\??\c:\rlfxlrl.exec:\rlfxlrl.exe75⤵PID:5092
-
\??\c:\btbhnn.exec:\btbhnn.exe76⤵PID:2884
-
\??\c:\3tbnbb.exec:\3tbnbb.exe77⤵PID:5032
-
\??\c:\jdpvp.exec:\jdpvp.exe78⤵PID:1192
-
\??\c:\xfrrllf.exec:\xfrrllf.exe79⤵PID:1216
-
\??\c:\rxfrlrr.exec:\rxfrlrr.exe80⤵PID:4440
-
\??\c:\bnttbh.exec:\bnttbh.exe81⤵PID:1584
-
\??\c:\vvddv.exec:\vvddv.exe82⤵PID:2376
-
\??\c:\vjpvp.exec:\vjpvp.exe83⤵PID:4636
-
\??\c:\rlrllll.exec:\rlrllll.exe84⤵PID:1644
-
\??\c:\xrxrxxr.exec:\xrxrxxr.exe85⤵PID:3732
-
\??\c:\3nhhnn.exec:\3nhhnn.exe86⤵PID:1480
-
\??\c:\pvdjd.exec:\pvdjd.exe87⤵PID:4672
-
\??\c:\rflrrrl.exec:\rflrrrl.exe88⤵PID:4580
-
\??\c:\fxfxlxx.exec:\fxfxlxx.exe89⤵PID:3528
-
\??\c:\7ntbbh.exec:\7ntbbh.exe90⤵PID:1064
-
\??\c:\3pjdv.exec:\3pjdv.exe91⤵PID:952
-
\??\c:\flxflll.exec:\flxflll.exe92⤵PID:3716
-
\??\c:\flxxxxx.exec:\flxxxxx.exe93⤵PID:2128
-
\??\c:\tntnnn.exec:\tntnnn.exe94⤵PID:4836
-
\??\c:\bnbbtt.exec:\bnbbtt.exe95⤵PID:2428
-
\??\c:\ttbbtt.exec:\ttbbtt.exe96⤵PID:3836
-
\??\c:\jdvdj.exec:\jdvdj.exe97⤵PID:4680
-
\??\c:\rlrrrxx.exec:\rlrrrxx.exe98⤵PID:1120
-
\??\c:\fflrrxx.exec:\fflrrxx.exe99⤵PID:3432
-
\??\c:\vppvv.exec:\vppvv.exe100⤵PID:2036
-
\??\c:\frrrlll.exec:\frrrlll.exe101⤵PID:3292
-
\??\c:\rrfllrr.exec:\rrfllrr.exe102⤵PID:3028
-
\??\c:\7bnhhh.exec:\7bnhhh.exe103⤵PID:324
-
\??\c:\nbhnbh.exec:\nbhnbh.exe104⤵PID:2600
-
\??\c:\vdjdv.exec:\vdjdv.exe105⤵PID:4912
-
\??\c:\fflfxfx.exec:\fflfxfx.exe106⤵PID:3240
-
\??\c:\xflllll.exec:\xflllll.exe107⤵PID:2080
-
\??\c:\7tbbhh.exec:\7tbbhh.exe108⤵PID:4652
-
\??\c:\hbnbtt.exec:\hbnbtt.exe109⤵PID:3184
-
\??\c:\vjjpd.exec:\vjjpd.exe110⤵PID:4236
-
\??\c:\xrrrlll.exec:\xrrrlll.exe111⤵PID:2364
-
\??\c:\htbnnt.exec:\htbnnt.exe112⤵PID:4768
-
\??\c:\nbhtbh.exec:\nbhtbh.exe113⤵PID:5036
-
\??\c:\jvvvp.exec:\jvvvp.exe114⤵PID:2468
-
\??\c:\djjdv.exec:\djjdv.exe115⤵PID:2280
-
\??\c:\5frrlll.exec:\5frrlll.exe116⤵PID:1352
-
\??\c:\fxxxffr.exec:\fxxxffr.exe117⤵PID:704
-
\??\c:\llllfxr.exec:\llllfxr.exe118⤵PID:4056
-
\??\c:\bhhntb.exec:\bhhntb.exe119⤵PID:3152
-
\??\c:\vjdvp.exec:\vjdvp.exe120⤵PID:4688
-
\??\c:\5djjp.exec:\5djjp.exe121⤵PID:4372
-
\??\c:\xxxfxxx.exec:\xxxfxxx.exe122⤵PID:3224
-