Analysis
-
max time kernel
150s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:17
Behavioral task
behavioral1
Sample
cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe
Resource
win7-20231129-en
5 signatures
150 seconds
General
-
Target
cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe
-
Size
75KB
-
MD5
cbb271f375f0d33be34d6b900168e800
-
SHA1
63772079d27206e68743d3b7b6ad37d96f32567a
-
SHA256
8de0bec4b76376df982fd261336fc0a5076e27d5ddbd3e998349a19a38eb994a
-
SHA512
15ac7bad2f819cfc31063ed1d192d2d3294f7fe61528dfafd42754086b8e315401189d4dd9b81a475ce01dadf52e9438003061ef387a960b4fcc9e04d3196f48
-
SSDEEP
1536:9vQBeOGtrYS3srx93UBWfwC6Ggnouy8PbhnyLFWoFLAxZhMDzE8s:9hOmTsF93UYfwC6GIoutz5yLpOSDi
Malware Config
Signatures
-
Detect Blackmoon payload 38 IoCs
resource | yara_rule
behavioral1/memory/1848-8-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2884-22-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/3052-19-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2920-31-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/3068-45-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2636-53-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2536-64-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2776-72-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2604-83-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2324-101-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2996-109-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2184-128-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/812-137-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/328-139-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1664-163-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/628-173-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2612-176-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/308-198-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1296-208-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/476-217-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1636-226-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2068-263-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1272-294-0x0000000077AF0000-0x0000000077C0F000-memory.dmp | family_blackmoon
behavioral1/memory/860-310-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2908-330-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2700-345-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2592-351-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2592-358-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2544-372-0x0000000000250000-0x0000000000277000-memory.dmp | family_blackmoon
behavioral1/memory/2856-388-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2196-403-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/308-484-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/268-494-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/1048-529-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2044-578-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/2852-667-0x00000000001B0000-0x00000000001D7000-memory.dmp | family_blackmoon
behavioral1/memory/1432-823-0x0000000000400000-0x0000000000427000-memory.dmp | family_blackmoon
behavioral1/memory/912-1079-0x00000000002A0000-0x00000000002C7000-memory.dmp | family_blackmoon
-
Executes dropped EXE 64 IoCs
pid Process 3052 hbnhhb.exe 2884 dpjjj.exe 2920 jpjjj.exe 3068 fxllllr.exe 2636 5hbtbh.exe 2536 vjdjj.exe 2776 xxffxxf.exe 2604 5frlrrr.exe 2432 tnbntb.exe 2324 pjdpv.exe 2996 dvjpd.exe 1800 xlxrxrx.exe 2184 btntbh.exe 812 bthtbb.exe 328 pjvvj.exe 936 1jvjv.exe 1664 7rffllr.exe 628 xxfrfff.exe 2612 thbhhn.exe 2712 5tbttt.exe 308 dvddj.exe 1296 llxrxxf.exe 476 1lxrlfx.exe 1636 bbthbb.exe 1984 3vpvv.exe 780 jdvvv.exe 2932 lllrfrl.exe 1104 hhbnbt.exe 2068 nntttb.exe 2080 vjjvv.exe 2924 vpvpv.exe 876 lfflrrx.exe 1272 lfxfrfr.exe 860 hthhnt.exe 2148 llfrrrr.exe 2516 btbntn.exe 2908 7tntbt.exe 2640 jdjpv.exe 2540 frfrrxl.exe 2700 rfffllr.exe 2592 hbtbnn.exe 2716 dvppv.exe 2544 ddpvp.exe 2452 9rlrllr.exe 2856 7httbh.exe 2176 pjvpv.exe 1604 1vpdd.exe 2196 7dppp.exe 756 rlffrxf.exe 944 9tbbhb.exe 812 tthnhn.exe 2156 5hbhnb.exe 1648 dpjpp.exe 2160 djjvv.exe 1520 9xxllrf.exe 628 tnthtb.exe 836 7bttbh.exe 2744 vvvvd.exe 2472 5jvdv.exe 308 fxllrrx.exe 772 lrrxxlf.exe 268 nhnntt.exe 1496 nbhbtn.exe 1308 jdddd.exe -
resource yara_rule behavioral1/memory/1848-0-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1848-3-0x0000000000220000-0x0000000000247000-memory.dmp upx behavioral1/memory/1848-8-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000a000000014825-11.dat upx behavioral1/memory/2884-22-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/3052-10-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x000b000000014abe-20.dat upx behavioral1/memory/3052-19-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2920-31-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000015605-29.dat upx behavioral1/files/0x0007000000015616-37.dat upx behavioral1/files/0x0007000000015626-44.dat upx behavioral1/memory/3068-45-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015b6f-54.dat upx behavioral1/memory/2636-53-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2536-55-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2536-64-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000015c52-61.dat upx behavioral1/files/0x0009000000015c78-73.dat upx behavioral1/memory/2776-72-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2604-74-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015c83-81.dat upx behavioral1/memory/2604-83-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2432-84-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0007000000015c9f-92.dat upx behavioral1/files/0x0009000000015cb6-98.dat upx behavioral1/memory/2324-101-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0008000000015cce-110.dat upx behavioral1/memory/2996-109-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015cee-117.dat 
upx behavioral1/memory/2184-119-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2184-128-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015cf6-127.dat upx behavioral1/files/0x0006000000015cfe-134.dat upx behavioral1/memory/812-137-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/328-139-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d07-146.dat upx behavioral1/files/0x0006000000015d0f-153.dat upx behavioral1/files/0x0006000000015d1a-164.dat upx behavioral1/memory/1664-163-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d27-174.dat upx behavioral1/memory/628-173-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/2612-176-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015d31-182.dat upx behavioral1/files/0x0006000000015d98-189.dat upx behavioral1/files/0x0006000000015df1-199.dat upx behavioral1/memory/308-198-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/1296-208-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015f01-206.dat upx behavioral1/memory/476-209-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/memory/476-217-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000015f7a-218.dat upx behavioral1/memory/1636-226-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000160af-225.dat upx behavioral1/files/0x0006000000016176-236.dat upx behavioral1/memory/780-235-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x0006000000016287-243.dat upx behavioral1/files/0x0006000000016448-252.dat upx behavioral1/files/0x000600000001650c-260.dat upx behavioral1/memory/2068-263-0x0000000000400000-0x0000000000427000-memory.dmp upx behavioral1/files/0x00060000000165ae-269.dat upx 
behavioral1/files/0x00060000000167d5-277.dat upx behavioral1/files/0x0006000000016a29-286.dat upx behavioral1/memory/3052-296-0x0000000000400000-0x0000000000427000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1848 wrote to memory of 3052 1848 cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 3052 1848 cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 3052 1848 cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe 28 PID 1848 wrote to memory of 3052 1848 cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe 28 PID 3052 wrote to memory of 2884 3052 hbnhhb.exe 29 PID 3052 wrote to memory of 2884 3052 hbnhhb.exe 29 PID 3052 wrote to memory of 2884 3052 hbnhhb.exe 29 PID 3052 wrote to memory of 2884 3052 hbnhhb.exe 29 PID 2884 wrote to memory of 2920 2884 dpjjj.exe 30 PID 2884 wrote to memory of 2920 2884 dpjjj.exe 30 PID 2884 wrote to memory of 2920 2884 dpjjj.exe 30 PID 2884 wrote to memory of 2920 2884 dpjjj.exe 30 PID 2920 wrote to memory of 3068 2920 jpjjj.exe 31 PID 2920 wrote to memory of 3068 2920 jpjjj.exe 31 PID 2920 wrote to memory of 3068 2920 jpjjj.exe 31 PID 2920 wrote to memory of 3068 2920 jpjjj.exe 31 PID 3068 wrote to memory of 2636 3068 fxllllr.exe 32 PID 3068 wrote to memory of 2636 3068 fxllllr.exe 32 PID 3068 wrote to memory of 2636 3068 fxllllr.exe 32 PID 3068 wrote to memory of 2636 3068 fxllllr.exe 32 PID 2636 wrote to memory of 2536 2636 5hbtbh.exe 33 PID 2636 wrote to memory of 2536 2636 5hbtbh.exe 33 PID 2636 wrote to memory of 2536 2636 5hbtbh.exe 33 PID 2636 wrote to memory of 2536 2636 5hbtbh.exe 33 PID 2536 wrote to memory of 2776 2536 vjdjj.exe 34 PID 2536 wrote to memory of 2776 2536 vjdjj.exe 34 PID 2536 wrote to memory of 2776 2536 vjdjj.exe 34 PID 2536 wrote to memory of 2776 2536 vjdjj.exe 34 PID 2776 wrote to memory of 2604 2776 xxffxxf.exe 35 PID 2776 wrote to memory of 2604 2776 xxffxxf.exe 35 PID 2776 wrote to memory of 2604 2776 xxffxxf.exe 35 PID 2776 wrote to memory of 2604 2776 xxffxxf.exe 35 PID 2604 wrote to memory of 2432 2604 5frlrrr.exe 36 PID 2604 wrote to memory of 2432 2604 5frlrrr.exe 36 PID 2604 wrote to memory of 
2432 2604 5frlrrr.exe 36 PID 2604 wrote to memory of 2432 2604 5frlrrr.exe 36 PID 2432 wrote to memory of 2324 2432 tnbntb.exe 37 PID 2432 wrote to memory of 2324 2432 tnbntb.exe 37 PID 2432 wrote to memory of 2324 2432 tnbntb.exe 37 PID 2432 wrote to memory of 2324 2432 tnbntb.exe 37 PID 2324 wrote to memory of 2996 2324 pjdpv.exe 38 PID 2324 wrote to memory of 2996 2324 pjdpv.exe 38 PID 2324 wrote to memory of 2996 2324 pjdpv.exe 38 PID 2324 wrote to memory of 2996 2324 pjdpv.exe 38 PID 2996 wrote to memory of 1800 2996 dvjpd.exe 39 PID 2996 wrote to memory of 1800 2996 dvjpd.exe 39 PID 2996 wrote to memory of 1800 2996 dvjpd.exe 39 PID 2996 wrote to memory of 1800 2996 dvjpd.exe 39 PID 1800 wrote to memory of 2184 1800 xlxrxrx.exe 40 PID 1800 wrote to memory of 2184 1800 xlxrxrx.exe 40 PID 1800 wrote to memory of 2184 1800 xlxrxrx.exe 40 PID 1800 wrote to memory of 2184 1800 xlxrxrx.exe 40 PID 2184 wrote to memory of 812 2184 btntbh.exe 41 PID 2184 wrote to memory of 812 2184 btntbh.exe 41 PID 2184 wrote to memory of 812 2184 btntbh.exe 41 PID 2184 wrote to memory of 812 2184 btntbh.exe 41 PID 812 wrote to memory of 328 812 bthtbb.exe 42 PID 812 wrote to memory of 328 812 bthtbb.exe 42 PID 812 wrote to memory of 328 812 bthtbb.exe 42 PID 812 wrote to memory of 328 812 bthtbb.exe 42 PID 328 wrote to memory of 936 328 pjvvj.exe 43 PID 328 wrote to memory of 936 328 pjvvj.exe 43 PID 328 wrote to memory of 936 328 pjvvj.exe 43 PID 328 wrote to memory of 936 328 pjvvj.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\cbb271f375f0d33be34d6b900168e800_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1848 -
\??\c:\hbnhhb.exec:\hbnhhb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3052 -
\??\c:\dpjjj.exec:\dpjjj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2884 -
\??\c:\jpjjj.exec:\jpjjj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2920 -
\??\c:\fxllllr.exec:\fxllllr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3068 -
\??\c:\5hbtbh.exec:\5hbtbh.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\vjdjj.exec:\vjdjj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\xxffxxf.exec:\xxffxxf.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2776 -
\??\c:\5frlrrr.exec:\5frlrrr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2604 -
\??\c:\tnbntb.exec:\tnbntb.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2432 -
\??\c:\pjdpv.exec:\pjdpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2324 -
\??\c:\dvjpd.exec:\dvjpd.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2996 -
\??\c:\xlxrxrx.exec:\xlxrxrx.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1800 -
\??\c:\btntbh.exec:\btntbh.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
\??\c:\bthtbb.exec:\bthtbb.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:812 -
\??\c:\pjvvj.exec:\pjvvj.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:328 -
\??\c:\1jvjv.exec:\1jvjv.exe17⤵
- Executes dropped EXE
PID:936 -
\??\c:\7rffllr.exec:\7rffllr.exe18⤵
- Executes dropped EXE
PID:1664 -
\??\c:\xxfrfff.exec:\xxfrfff.exe19⤵
- Executes dropped EXE
PID:628 -
\??\c:\thbhhn.exec:\thbhhn.exe20⤵
- Executes dropped EXE
PID:2612 -
\??\c:\5tbttt.exec:\5tbttt.exe21⤵
- Executes dropped EXE
PID:2712 -
\??\c:\dvddj.exec:\dvddj.exe22⤵
- Executes dropped EXE
PID:308 -
\??\c:\llxrxxf.exec:\llxrxxf.exe23⤵
- Executes dropped EXE
PID:1296 -
\??\c:\1lxrlfx.exec:\1lxrlfx.exe24⤵
- Executes dropped EXE
PID:476 -
\??\c:\bbthbb.exec:\bbthbb.exe25⤵
- Executes dropped EXE
PID:1636 -
\??\c:\3vpvv.exec:\3vpvv.exe26⤵
- Executes dropped EXE
PID:1984 -
\??\c:\jdvvv.exec:\jdvvv.exe27⤵
- Executes dropped EXE
PID:780 -
\??\c:\lllrfrl.exec:\lllrfrl.exe28⤵
- Executes dropped EXE
PID:2932 -
\??\c:\hhbnbt.exec:\hhbnbt.exe29⤵
- Executes dropped EXE
PID:1104 -
\??\c:\nntttb.exec:\nntttb.exe30⤵
- Executes dropped EXE
PID:2068 -
\??\c:\vjjvv.exec:\vjjvv.exe31⤵
- Executes dropped EXE
PID:2080 -
\??\c:\vpvpv.exec:\vpvpv.exe32⤵
- Executes dropped EXE
PID:2924 -
\??\c:\lfflrrx.exec:\lfflrrx.exe33⤵
- Executes dropped EXE
PID:876 -
\??\c:\lfxfrfr.exec:\lfxfrfr.exe34⤵
- Executes dropped EXE
PID:1272 -
\??\c:\btntbb.exec:\btntbb.exe35⤵PID:3052
-
\??\c:\hthhnt.exec:\hthhnt.exe36⤵
- Executes dropped EXE
PID:860 -
\??\c:\llfrrrr.exec:\llfrrrr.exe37⤵
- Executes dropped EXE
PID:2148 -
\??\c:\btbntn.exec:\btbntn.exe38⤵
- Executes dropped EXE
PID:2516 -
\??\c:\7tntbt.exec:\7tntbt.exe39⤵
- Executes dropped EXE
PID:2908 -
\??\c:\jdjpv.exec:\jdjpv.exe40⤵
- Executes dropped EXE
PID:2640 -
\??\c:\frfrrxl.exec:\frfrrxl.exe41⤵
- Executes dropped EXE
PID:2540 -
\??\c:\rfffllr.exec:\rfffllr.exe42⤵
- Executes dropped EXE
PID:2700 -
\??\c:\hbtbnn.exec:\hbtbnn.exe43⤵
- Executes dropped EXE
PID:2592 -
\??\c:\dvppv.exec:\dvppv.exe44⤵
- Executes dropped EXE
PID:2716 -
\??\c:\ddpvp.exec:\ddpvp.exe45⤵
- Executes dropped EXE
PID:2544 -
\??\c:\9rlrllr.exec:\9rlrllr.exe46⤵
- Executes dropped EXE
PID:2452 -
\??\c:\7httbh.exec:\7httbh.exe47⤵
- Executes dropped EXE
PID:2856 -
\??\c:\pjvpv.exec:\pjvpv.exe48⤵
- Executes dropped EXE
PID:2176 -
\??\c:\1vpdd.exec:\1vpdd.exe49⤵
- Executes dropped EXE
PID:1604 -
\??\c:\7dppp.exec:\7dppp.exe50⤵
- Executes dropped EXE
PID:2196 -
\??\c:\rlffrxf.exec:\rlffrxf.exe51⤵
- Executes dropped EXE
PID:756 -
\??\c:\9tbbhb.exec:\9tbbhb.exe52⤵
- Executes dropped EXE
PID:944 -
\??\c:\tthnhn.exec:\tthnhn.exe53⤵
- Executes dropped EXE
PID:812 -
\??\c:\5hbhnb.exec:\5hbhnb.exe54⤵
- Executes dropped EXE
PID:2156 -
\??\c:\dpjpp.exec:\dpjpp.exe55⤵
- Executes dropped EXE
PID:1648 -
\??\c:\djjvv.exec:\djjvv.exe56⤵
- Executes dropped EXE
PID:2160 -
\??\c:\9xxllrf.exec:\9xxllrf.exe57⤵
- Executes dropped EXE
PID:1520 -
\??\c:\tnthtb.exec:\tnthtb.exe58⤵
- Executes dropped EXE
PID:628 -
\??\c:\7bttbh.exec:\7bttbh.exe59⤵
- Executes dropped EXE
PID:836 -
\??\c:\vvvvd.exec:\vvvvd.exe60⤵
- Executes dropped EXE
PID:2744 -
\??\c:\5jvdv.exec:\5jvdv.exe61⤵
- Executes dropped EXE
PID:2472 -
\??\c:\fxllrrx.exec:\fxllrrx.exe62⤵
- Executes dropped EXE
PID:308 -
\??\c:\lrrxxlf.exec:\lrrxxlf.exe63⤵
- Executes dropped EXE
PID:772 -
\??\c:\nhnntt.exec:\nhnntt.exe64⤵
- Executes dropped EXE
PID:268 -
\??\c:\nbhbtn.exec:\nbhbtn.exe65⤵
- Executes dropped EXE
PID:1496 -
\??\c:\jdddd.exec:\jdddd.exe66⤵
- Executes dropped EXE
PID:1308 -
\??\c:\7vjpj.exec:\7vjpj.exe67⤵PID:1600
-
\??\c:\flffxlr.exec:\flffxlr.exe68⤵PID:1900
-
\??\c:\9bnhnn.exec:\9bnhnn.exe69⤵PID:1048
-
\??\c:\5tbbbb.exec:\5tbbbb.exe70⤵PID:1804
-
\??\c:\dvpvv.exec:\dvpvv.exe71⤵PID:1100
-
\??\c:\9jdvj.exec:\9jdvj.exe72⤵PID:1432
-
\??\c:\xfxxffl.exec:\xfxxffl.exe73⤵PID:2416
-
\??\c:\lxlrxrx.exec:\lxlrxrx.exe74⤵PID:2080
-
\??\c:\1frrlff.exec:\1frrlff.exe75⤵PID:2924
-
\??\c:\9nhnht.exec:\9nhnht.exe76⤵PID:3040
-
\??\c:\bbnbnn.exec:\bbnbnn.exe77⤵PID:2044
-
\??\c:\pdpjj.exec:\pdpjj.exe78⤵PID:3000
-
\??\c:\7rlxxxf.exec:\7rlxxxf.exe79⤵PID:1708
-
\??\c:\rlffrrf.exec:\rlffrrf.exe80⤵PID:1704
-
\??\c:\nnnbnt.exec:\nnnbnt.exe81⤵PID:1196
-
\??\c:\tthnbb.exec:\tthnbb.exe82⤵PID:2560
-
\??\c:\pvvvv.exec:\pvvvv.exe83⤵PID:2656
-
\??\c:\dpvvp.exec:\dpvvp.exe84⤵PID:2676
-
\??\c:\frlrflx.exec:\frlrflx.exe85⤵PID:2628
-
\??\c:\fxlxllx.exec:\fxlxllx.exe86⤵PID:2672
-
\??\c:\tntbhb.exec:\tntbhb.exe87⤵PID:2316
-
\??\c:\bhbbbb.exec:\bhbbbb.exe88⤵PID:2776
-
\??\c:\3pjjj.exec:\3pjjj.exe89⤵PID:2544
-
\??\c:\vdjjj.exec:\vdjjj.exe90⤵PID:2848
-
\??\c:\frfllxx.exec:\frfllxx.exe91⤵PID:2852
-
\??\c:\xrlrrxx.exec:\xrlrrxx.exe92⤵PID:2868
-
\??\c:\bnhbhh.exec:\bnhbhh.exe93⤵PID:2388
-
\??\c:\1dddp.exec:\1dddp.exe94⤵PID:1616
-
\??\c:\9pjpp.exec:\9pjpp.exe95⤵PID:1676
-
\??\c:\xrrrxfl.exec:\xrrrxfl.exe96⤵PID:1204
-
\??\c:\flrlfxx.exec:\flrlfxx.exe97⤵PID:328
-
\??\c:\tnbhhn.exec:\tnbhhn.exe98⤵PID:1628
-
\??\c:\hhhbhb.exec:\hhhbhb.exe99⤵PID:2308
-
\??\c:\nnbhnb.exec:\nnbhnb.exe100⤵PID:2164
-
\??\c:\jpjdv.exec:\jpjdv.exe101⤵PID:1364
-
\??\c:\ppjdj.exec:\ppjdj.exe102⤵PID:2420
-
\??\c:\xxrrxrl.exec:\xxrrxrl.exe103⤵PID:2060
-
\??\c:\rfrlxxx.exec:\rfrlxxx.exe104⤵PID:2756
-
\??\c:\nhhbbt.exec:\nhhbbt.exe105⤵PID:2104
-
\??\c:\nhtbbb.exec:\nhtbbb.exe106⤵PID:1228
-
\??\c:\jdpvv.exec:\jdpvv.exe107⤵PID:672
-
\??\c:\1vvjj.exec:\1vvjj.exe108⤵PID:540
-
\??\c:\1xrllfr.exec:\1xrllfr.exe109⤵PID:1320
-
\??\c:\frfrrxl.exec:\frfrrxl.exe110⤵PID:1328
-
\??\c:\1fxxflr.exec:\1fxxflr.exe111⤵PID:1984
-
\??\c:\tnhntt.exec:\tnhntt.exe112⤵PID:1120
-
\??\c:\7httbt.exec:\7httbt.exe113⤵PID:1756
-
\??\c:\pjvdd.exec:\pjvdd.exe114⤵PID:1764
-
\??\c:\9jdjd.exec:\9jdjd.exe115⤵PID:2300
-
\??\c:\lfllrfl.exec:\lfllrfl.exe116⤵PID:1104
-
\??\c:\1lflxxf.exec:\1lflxxf.exe117⤵PID:1432
-
\??\c:\nnhhbt.exec:\nnhhbt.exe118⤵PID:2416
-
\??\c:\hnhbhh.exec:\hnhbhh.exe119⤵PID:1976
-
\??\c:\jdvdv.exec:\jdvdv.exe120⤵PID:2924
-
\??\c:\vpvvj.exec:\vpvvj.exe121⤵PID:2704
-
\??\c:\rflfrfr.exec:\rflfrfr.exe122⤵PID:1272
-