Analysis
-
max time kernel
154s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
18/05/2024, 13:09
Behavioral task
behavioral1
Sample
ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe
Resource
win7-20240419-en
5 signatures
150 seconds
General
-
Target
ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe
-
Size
86KB
-
MD5
ca27fa448728f1b0c574971c4fe0c830
-
SHA1
28d65d1413e0a0f23986ae4bbf395b4d7b46efab
-
SHA256
fb1df914020c56b2fa513c85a5c4946f2e6a246593b88dd96379597bdf525e5f
-
SHA512
6f8e09b9589141cbfff10055e3ffd1b811fbba160968cfe18e54fb8886dd074d617e5c5374f55941dcf0ad0816b673dfdd9b2f4728e55dcac006d4e281ee33f7
-
SSDEEP
1536:kvQBeOGtrYS3srx93UBWfwC6Ggnouy8p5yAXNlIQkPvA3qrEvO7C82krfiEqkBy+:khOmTsF93UYfwC6GIoutpYcvrqrE66kp
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/2384-6-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4984-11-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2588-17-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4748-23-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2744-29-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3488-35-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/208-40-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2196-46-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1116-51-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/936-58-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1368-61-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1612-70-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3732-83-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1692-88-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3576-99-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3504-105-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2088-121-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3620-127-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1592-133-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3308-154-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4192-160-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/4760-165-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/64-185-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1076-198-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3748-205-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/348-212-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1688-228-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2216-232-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1712-239-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2124-246-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4368-254-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2304-258-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4428-268-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1624-281-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3564-285-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/964-289-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5100-290-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4036-306-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1632-313-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/612-320-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/392-322-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4916-343-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/3808-356-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3748-360-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/468-373-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1164-380-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3992-390-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1532-409-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/400-419-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3564-432-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/216-485-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1812-513-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1136-517-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/3528-527-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4988-543-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1976-544-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/1592-554-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/5116-567-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4512-571-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/4412-587-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2304-647-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/2136-649-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon behavioral2/memory/400-655-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon 
behavioral2/memory/624-709-0x0000000000400000-0x0000000000427000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 4984 taqji.exe 2588 063vox.exe 4748 333r8m.exe 2744 5o65u19.exe 3488 o23k03.exe 208 385h5e.exe 2196 1h4u5.exe 1116 h5ogk54.exe 936 9937t.exe 1368 o206gdn.exe 1612 92upil.exe 776 601i3o.exe 3732 6nc91.exe 1692 q0g447.exe 3528 t7u3l.exe 3576 ua112u7.exe 3504 od5dst8.exe 4672 7u08s.exe 2448 2eet9e8.exe 2088 204606.exe 3620 22rg5p1.exe 1592 7mdp7.exe 3148 557pjwu.exe 3964 maj51.exe 3984 250c9.exe 3308 x1qeh.exe 4192 60884.exe 4760 dkk9lc.exe 4132 6u7s77.exe 3980 1035dv.exe 384 6eb0w79.exe 64 n1fm0.exe 632 duin0i5.exe 1840 49s32.exe 2700 hh9q1.exe 1076 1927f.exe 3808 0h332a1.exe 3748 javm4k.exe 1140 00h73t.exe 348 q57x97m.exe 624 ew9ra.exe 2196 6d01h.exe 4928 q0icx7.exe 2908 97i7q5f.exe 1688 6kb9h.exe 2216 u32n3.exe 1368 o16a2.exe 1712 3ro1q.exe 4820 6xcj5k.exe 2124 wr734uc.exe 5108 02d39.exe 5028 avg50d9.exe 4368 fsd765.exe 2304 4895ux6.exe 4224 osgd2wt.exe 2804 gsd0n.exe 4428 1wbomsh.exe 4376 3u9jdk.exe 3332 5cc58u.exe 1624 6kwogk.exe 3564 4inni.exe 964 9htb49.exe 5100 f28enc.exe 2696 5s12w13.exe -
resource yara_rule behavioral2/memory/2384-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023252-3.dat upx behavioral2/memory/2384-6-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0008000000023256-9.dat upx behavioral2/memory/4984-11-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0009000000023257-13.dat upx behavioral2/memory/2588-17-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/4748-23-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023258-21.dat upx behavioral2/files/0x0007000000023259-27.dat upx behavioral2/memory/2744-29-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325a-33.dat upx behavioral2/memory/3488-35-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325b-39.dat upx behavioral2/memory/208-40-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2196-46-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325d-44.dat upx behavioral2/memory/1116-51-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002325e-52.dat upx behavioral2/files/0x000700000002325f-56.dat upx behavioral2/memory/936-58-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1368-61-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023260-63.dat upx behavioral2/files/0x0007000000023261-68.dat upx behavioral2/memory/1612-70-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/776-72-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023262-75.dat upx behavioral2/files/0x0007000000023264-79.dat upx behavioral2/memory/3732-83-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023265-86.dat upx 
behavioral2/memory/1692-88-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023266-92.dat upx behavioral2/files/0x0007000000023267-97.dat upx behavioral2/memory/3576-99-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000a000000016fa5-103.dat upx behavioral2/memory/3504-105-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023268-109.dat upx behavioral2/files/0x0007000000023269-114.dat upx behavioral2/memory/2088-121-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326a-122.dat upx behavioral2/memory/3620-127-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326b-126.dat upx behavioral2/files/0x000700000002326c-131.dat upx behavioral2/memory/1592-133-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x000700000002326d-137.dat upx behavioral2/files/0x000700000002326e-142.dat upx behavioral2/files/0x000700000002326f-147.dat upx behavioral2/files/0x0007000000023270-152.dat upx behavioral2/memory/3308-154-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023271-158.dat upx behavioral2/memory/4192-160-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023272-164.dat upx behavioral2/memory/4760-165-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/files/0x0007000000023273-169.dat upx behavioral2/files/0x0007000000023274-174.dat upx behavioral2/files/0x0007000000023275-179.dat upx behavioral2/memory/64-185-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1076-198-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/3748-205-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/348-212-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1688-228-0x0000000000400000-0x0000000000427000-memory.dmp upx 
behavioral2/memory/2216-232-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/1712-239-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral2/memory/2124-246-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2384 wrote to memory of 4984 2384 ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe 92 PID 2384 wrote to memory of 4984 2384 ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe 92 PID 2384 wrote to memory of 4984 2384 ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe 92 PID 4984 wrote to memory of 2588 4984 taqji.exe 93 PID 4984 wrote to memory of 2588 4984 taqji.exe 93 PID 4984 wrote to memory of 2588 4984 taqji.exe 93 PID 2588 wrote to memory of 4748 2588 063vox.exe 94 PID 2588 wrote to memory of 4748 2588 063vox.exe 94 PID 2588 wrote to memory of 4748 2588 063vox.exe 94 PID 4748 wrote to memory of 2744 4748 333r8m.exe 95 PID 4748 wrote to memory of 2744 4748 333r8m.exe 95 PID 4748 wrote to memory of 2744 4748 333r8m.exe 95 PID 2744 wrote to memory of 3488 2744 5o65u19.exe 96 PID 2744 wrote to memory of 3488 2744 5o65u19.exe 96 PID 2744 wrote to memory of 3488 2744 5o65u19.exe 96 PID 3488 wrote to memory of 208 3488 o23k03.exe 97 PID 3488 wrote to memory of 208 3488 o23k03.exe 97 PID 3488 wrote to memory of 208 3488 o23k03.exe 97 PID 208 wrote to memory of 2196 208 385h5e.exe 98 PID 208 wrote to memory of 2196 208 385h5e.exe 98 PID 208 wrote to memory of 2196 208 385h5e.exe 98 PID 2196 wrote to memory of 1116 2196 1h4u5.exe 99 PID 2196 wrote to memory of 1116 2196 1h4u5.exe 99 PID 2196 wrote to memory of 1116 2196 1h4u5.exe 99 PID 1116 wrote to memory of 936 1116 h5ogk54.exe 100 PID 1116 wrote to memory of 936 1116 h5ogk54.exe 100 PID 1116 wrote to memory of 936 1116 h5ogk54.exe 100 PID 936 wrote to memory of 1368 936 9937t.exe 101 PID 936 wrote to memory of 1368 936 9937t.exe 101 PID 936 wrote to memory of 1368 936 9937t.exe 101 PID 1368 wrote to memory of 1612 1368 o206gdn.exe 102 PID 1368 wrote to memory of 1612 1368 o206gdn.exe 102 PID 1368 wrote to memory of 1612 1368 o206gdn.exe 102 PID 1612 wrote to memory of 776 1612 92upil.exe 103 PID 1612 wrote to memory of 776 1612 92upil.exe 103 PID 1612 wrote to memory of 
776 1612 92upil.exe 103 PID 776 wrote to memory of 3732 776 601i3o.exe 104 PID 776 wrote to memory of 3732 776 601i3o.exe 104 PID 776 wrote to memory of 3732 776 601i3o.exe 104 PID 3732 wrote to memory of 1692 3732 6nc91.exe 105 PID 3732 wrote to memory of 1692 3732 6nc91.exe 105 PID 3732 wrote to memory of 1692 3732 6nc91.exe 105 PID 1692 wrote to memory of 3528 1692 q0g447.exe 106 PID 1692 wrote to memory of 3528 1692 q0g447.exe 106 PID 1692 wrote to memory of 3528 1692 q0g447.exe 106 PID 3528 wrote to memory of 3576 3528 t7u3l.exe 107 PID 3528 wrote to memory of 3576 3528 t7u3l.exe 107 PID 3528 wrote to memory of 3576 3528 t7u3l.exe 107 PID 3576 wrote to memory of 3504 3576 ua112u7.exe 108 PID 3576 wrote to memory of 3504 3576 ua112u7.exe 108 PID 3576 wrote to memory of 3504 3576 ua112u7.exe 108 PID 3504 wrote to memory of 4672 3504 od5dst8.exe 109 PID 3504 wrote to memory of 4672 3504 od5dst8.exe 109 PID 3504 wrote to memory of 4672 3504 od5dst8.exe 109 PID 4672 wrote to memory of 2448 4672 7u08s.exe 110 PID 4672 wrote to memory of 2448 4672 7u08s.exe 110 PID 4672 wrote to memory of 2448 4672 7u08s.exe 110 PID 2448 wrote to memory of 2088 2448 2eet9e8.exe 111 PID 2448 wrote to memory of 2088 2448 2eet9e8.exe 111 PID 2448 wrote to memory of 2088 2448 2eet9e8.exe 111 PID 2088 wrote to memory of 3620 2088 204606.exe 112 PID 2088 wrote to memory of 3620 2088 204606.exe 112 PID 2088 wrote to memory of 3620 2088 204606.exe 112 PID 3620 wrote to memory of 1592 3620 22rg5p1.exe 113
Processes
-
C:\Users\Admin\AppData\Local\Temp\ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\ca27fa448728f1b0c574971c4fe0c830_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\taqji.exec:\taqji.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4984 -
\??\c:\063vox.exec:\063vox.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2588 -
\??\c:\333r8m.exec:\333r8m.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4748 -
\??\c:\5o65u19.exec:\5o65u19.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2744 -
\??\c:\o23k03.exec:\o23k03.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3488 -
\??\c:\385h5e.exec:\385h5e.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:208 -
\??\c:\1h4u5.exec:\1h4u5.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2196 -
\??\c:\h5ogk54.exec:\h5ogk54.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1116 -
\??\c:\9937t.exec:\9937t.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:936 -
\??\c:\o206gdn.exec:\o206gdn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1368 -
\??\c:\92upil.exec:\92upil.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1612 -
\??\c:\601i3o.exec:\601i3o.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:776 -
\??\c:\6nc91.exec:\6nc91.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3732 -
\??\c:\q0g447.exec:\q0g447.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1692 -
\??\c:\t7u3l.exec:\t7u3l.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3528 -
\??\c:\ua112u7.exec:\ua112u7.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3576 -
\??\c:\od5dst8.exec:\od5dst8.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3504 -
\??\c:\7u08s.exec:\7u08s.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4672 -
\??\c:\2eet9e8.exec:\2eet9e8.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2448 -
\??\c:\204606.exec:\204606.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2088 -
\??\c:\22rg5p1.exec:\22rg5p1.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3620 -
\??\c:\7mdp7.exec:\7mdp7.exe23⤵
- Executes dropped EXE
PID:1592 -
\??\c:\557pjwu.exec:\557pjwu.exe24⤵
- Executes dropped EXE
PID:3148 -
\??\c:\maj51.exec:\maj51.exe25⤵
- Executes dropped EXE
PID:3964 -
\??\c:\250c9.exec:\250c9.exe26⤵
- Executes dropped EXE
PID:3984 -
\??\c:\x1qeh.exec:\x1qeh.exe27⤵
- Executes dropped EXE
PID:3308 -
\??\c:\60884.exec:\60884.exe28⤵
- Executes dropped EXE
PID:4192 -
\??\c:\dkk9lc.exec:\dkk9lc.exe29⤵
- Executes dropped EXE
PID:4760 -
\??\c:\6u7s77.exec:\6u7s77.exe30⤵
- Executes dropped EXE
PID:4132 -
\??\c:\1035dv.exec:\1035dv.exe31⤵
- Executes dropped EXE
PID:3980 -
\??\c:\6eb0w79.exec:\6eb0w79.exe32⤵
- Executes dropped EXE
PID:384 -
\??\c:\n1fm0.exec:\n1fm0.exe33⤵
- Executes dropped EXE
PID:64 -
\??\c:\duin0i5.exec:\duin0i5.exe34⤵
- Executes dropped EXE
PID:632 -
\??\c:\49s32.exec:\49s32.exe35⤵
- Executes dropped EXE
PID:1840 -
\??\c:\hh9q1.exec:\hh9q1.exe36⤵
- Executes dropped EXE
PID:2700 -
\??\c:\1927f.exec:\1927f.exe37⤵
- Executes dropped EXE
PID:1076 -
\??\c:\0h332a1.exec:\0h332a1.exe38⤵
- Executes dropped EXE
PID:3808 -
\??\c:\javm4k.exec:\javm4k.exe39⤵
- Executes dropped EXE
PID:3748 -
\??\c:\00h73t.exec:\00h73t.exe40⤵
- Executes dropped EXE
PID:1140 -
\??\c:\q57x97m.exec:\q57x97m.exe41⤵
- Executes dropped EXE
PID:348 -
\??\c:\ew9ra.exec:\ew9ra.exe42⤵
- Executes dropped EXE
PID:624 -
\??\c:\6d01h.exec:\6d01h.exe43⤵
- Executes dropped EXE
PID:2196 -
\??\c:\q0icx7.exec:\q0icx7.exe44⤵
- Executes dropped EXE
PID:4928 -
\??\c:\97i7q5f.exec:\97i7q5f.exe45⤵
- Executes dropped EXE
PID:2908 -
\??\c:\6kb9h.exec:\6kb9h.exe46⤵
- Executes dropped EXE
PID:1688 -
\??\c:\u32n3.exec:\u32n3.exe47⤵
- Executes dropped EXE
PID:2216 -
\??\c:\o16a2.exec:\o16a2.exe48⤵
- Executes dropped EXE
PID:1368 -
\??\c:\3ro1q.exec:\3ro1q.exe49⤵
- Executes dropped EXE
PID:1712 -
\??\c:\6xcj5k.exec:\6xcj5k.exe50⤵
- Executes dropped EXE
PID:4820 -
\??\c:\wr734uc.exec:\wr734uc.exe51⤵
- Executes dropped EXE
PID:2124 -
\??\c:\02d39.exec:\02d39.exe52⤵
- Executes dropped EXE
PID:5108 -
\??\c:\avg50d9.exec:\avg50d9.exe53⤵
- Executes dropped EXE
PID:5028 -
\??\c:\fsd765.exec:\fsd765.exe54⤵
- Executes dropped EXE
PID:4368 -
\??\c:\4895ux6.exec:\4895ux6.exe55⤵
- Executes dropped EXE
PID:2304 -
\??\c:\osgd2wt.exec:\osgd2wt.exe56⤵
- Executes dropped EXE
PID:4224 -
\??\c:\gsd0n.exec:\gsd0n.exe57⤵
- Executes dropped EXE
PID:2804 -
\??\c:\1wbomsh.exec:\1wbomsh.exe58⤵
- Executes dropped EXE
PID:4428 -
\??\c:\3u9jdk.exec:\3u9jdk.exe59⤵
- Executes dropped EXE
PID:4376 -
\??\c:\5cc58u.exec:\5cc58u.exe60⤵
- Executes dropped EXE
PID:3332 -
\??\c:\6kwogk.exec:\6kwogk.exe61⤵
- Executes dropped EXE
PID:1624 -
\??\c:\4inni.exec:\4inni.exe62⤵
- Executes dropped EXE
PID:3564 -
\??\c:\9htb49.exec:\9htb49.exe63⤵
- Executes dropped EXE
PID:964 -
\??\c:\f28enc.exec:\f28enc.exe64⤵
- Executes dropped EXE
PID:5100 -
\??\c:\5s12w13.exec:\5s12w13.exe65⤵
- Executes dropped EXE
PID:2696 -
\??\c:\2dv51.exec:\2dv51.exe66⤵PID:1504
-
\??\c:\gk6l205.exec:\gk6l205.exe67⤵PID:3964
-
\??\c:\89fex.exec:\89fex.exe68⤵PID:4036
-
\??\c:\835k796.exec:\835k796.exe69⤵PID:1792
-
\??\c:\gqhia.exec:\gqhia.exe70⤵PID:1632
-
\??\c:\1l1fos5.exec:\1l1fos5.exe71⤵PID:4032
-
\??\c:\t9w4u.exec:\t9w4u.exe72⤵PID:612
-
\??\c:\x0l2b7.exec:\x0l2b7.exe73⤵PID:392
-
\??\c:\7i8x616.exec:\7i8x616.exe74⤵PID:4556
-
\??\c:\3r3sm.exec:\3r3sm.exe75⤵PID:4440
-
\??\c:\i3gko2.exec:\i3gko2.exe76⤵PID:1516
-
\??\c:\88su1g9.exec:\88su1g9.exe77⤵PID:5084
-
\??\c:\0l72os.exec:\0l72os.exe78⤵PID:3048
-
\??\c:\92ew9.exec:\92ew9.exe79⤵PID:4916
-
\??\c:\4la44a.exec:\4la44a.exe80⤵PID:3812
-
\??\c:\qk768ro.exec:\qk768ro.exe81⤵PID:4120
-
\??\c:\3f080g0.exec:\3f080g0.exe82⤵PID:1384
-
\??\c:\l4ug9.exec:\l4ug9.exe83⤵PID:3808
-
\??\c:\km8uxrm.exec:\km8uxrm.exe84⤵PID:3748
-
\??\c:\mojw4t2.exec:\mojw4t2.exe85⤵PID:912
-
\??\c:\ncvm1n6.exec:\ncvm1n6.exe86⤵PID:2916
-
\??\c:\e74ts0b.exec:\e74ts0b.exe87⤵PID:4304
-
\??\c:\7jnh9.exec:\7jnh9.exe88⤵PID:468
-
\??\c:\p2en6.exec:\p2en6.exe89⤵PID:1116
-
\??\c:\5b551.exec:\5b551.exe90⤵PID:1164
-
\??\c:\h3th3.exec:\h3th3.exe91⤵PID:1948
-
\??\c:\h4dvm2.exec:\h4dvm2.exe92⤵PID:2216
-
\??\c:\sapn008.exec:\sapn008.exe93⤵PID:3992
-
\??\c:\8av63.exec:\8av63.exe94⤵PID:4664
-
\??\c:\22862.exec:\22862.exe95⤵PID:4008
-
\??\c:\le0th35.exec:\le0th35.exe96⤵PID:5012
-
\??\c:\ij12k0.exec:\ij12k0.exe97⤵PID:3968
-
\??\c:\2666h33.exec:\2666h33.exe98⤵PID:2692
-
\??\c:\55a5571.exec:\55a5571.exe99⤵PID:1532
-
\??\c:\rm312q.exec:\rm312q.exe100⤵PID:936
-
\??\c:\7k89315.exec:\7k89315.exe101⤵PID:1748
-
\??\c:\5jvj96.exec:\5jvj96.exe102⤵PID:400
-
\??\c:\5uxm68.exec:\5uxm68.exe103⤵PID:1976
-
\??\c:\d65cpv5.exec:\d65cpv5.exe104⤵PID:1860
-
\??\c:\0j7t21.exec:\0j7t21.exe105⤵PID:2252
-
\??\c:\077jp.exec:\077jp.exe106⤵PID:3564
-
\??\c:\5441or.exec:\5441or.exe107⤵PID:4456
-
\??\c:\o44btq.exec:\o44btq.exe108⤵PID:2072
-
\??\c:\itn068.exec:\itn068.exe109⤵PID:2348
-
\??\c:\67793.exec:\67793.exe110⤵PID:4880
-
\??\c:\p3mfp.exec:\p3mfp.exe111⤵PID:60
-
\??\c:\02bnh.exec:\02bnh.exe112⤵PID:3308
-
\??\c:\5m6e1uc.exec:\5m6e1uc.exe113⤵PID:4156
-
\??\c:\134j0n9.exec:\134j0n9.exe114⤵PID:3352
-
\??\c:\2txsq.exec:\2txsq.exe115⤵PID:612
-
\??\c:\x7l7pr.exec:\x7l7pr.exe116⤵PID:4484
-
\??\c:\ksd131.exec:\ksd131.exe117⤵PID:64
-
\??\c:\cx7p5l.exec:\cx7p5l.exe118⤵PID:1516
-
\??\c:\1hus590.exec:\1hus590.exe119⤵PID:640
-
\??\c:\0vgb72.exec:\0vgb72.exe120⤵PID:2700
-
\??\c:\2791i6n.exec:\2791i6n.exe121⤵PID:3480
-
\??\c:\j6e3l.exec:\j6e3l.exe122⤵PID:3328
-