Analysis
-
max time kernel
150s -
max time network
117s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
18/05/2024, 13:36
Static task
static1
1 signature
Behavioral task
behavioral1
Sample
cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe
-
Size
393KB
-
MD5
cf58772b0e081fe51838564c365befa0
-
SHA1
a791d9a26f96a268de78eb12056a82516e64dbf3
-
SHA256
3394c4c6f06b87ae9c3b441f120e82122b2c2a3d2e9865e7dd773f21ae57a0ef
-
SHA512
e6054ceb73f9833d87deb8779816ee64b15fa17ecd6d66705d7c378b13bb956a83c4a97d0cade0f14eafedc46f6976fa9cb4853b994e8cc495441f0890976ce8
-
SSDEEP
6144:Acm7ImGddX5WrXF5lpKGYV0aTk/BO0XJm4UEPOshN/xdKnvP48bmRE:m7TcJWjdpKGATTk/jYIOWN/KnnPN
Malware Config
Signatures
-
Detect Blackmoon payload 36 IoCs
resource yara_rule behavioral1/memory/1952-0-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2456-9-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2492-26-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2624-36-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2388-48-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2784-45-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2652-57-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2428-73-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/384-90-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2720-106-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1360-114-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1556-124-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1796-142-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/644-150-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2760-162-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2752-177-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/856-194-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1576-238-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1692-247-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/948-256-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1484-267-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/1448-286-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2448-300-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1516-301-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2936-316-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2516-329-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2784-341-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2408-374-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1664-397-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1572-430-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1680-461-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1080-543-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2716-952-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2616-1166-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2652-1180-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2948-1220-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 2456 nhtntb.exe 2492 7xfxxxr.exe 2624 xlfflrx.exe 2784 9dppj.exe 2388 rfxflll.exe 2652 xrfllfl.exe 2428 pjvpj.exe 2872 7rllrrl.exe 384 7thhnh.exe 2548 5vjjp.exe 2720 rfrlrlr.exe 1360 7bhhnh.exe 1556 9jpdj.exe 1560 rlflxfr.exe 1796 5bnnhh.exe 644 3pddj.exe 1032 xlxrllr.exe 2760 jjdjv.exe 2752 jvvpp.exe 600 5hhnbh.exe 856 thbbnn.exe 2336 rlffrxl.exe 2292 hhbhbb.exe 2976 jdddv.exe 1288 3xrxrxl.exe 1576 9bbhbh.exe 1692 vdjdd.exe 948 3rrfffl.exe 2236 bthnbb.exe 1484 pjjpd.exe 1008 9rfxxff.exe 1448 vvdpj.exe 2448 jvjdp.exe 1516 rlffxlr.exe 2936 hbhnnn.exe 2636 jjddj.exe 2668 lfrfrxx.exe 2516 5btbhb.exe 2784 pjdjv.exe 2696 frflllr.exe 2380 5nhnbb.exe 2440 ddpvj.exe 2900 rfrlrfl.exe 2408 hhntbb.exe 2352 vppjd.exe 2572 fxlfrrx.exe 2724 xlfxfxf.exe 1664 nhbntt.exe 2248 jjvdp.exe 1780 1xffrrf.exe 1604 bthbht.exe 1572 vvjjd.exe 1264 lxlflfl.exe 876 9xrrrrx.exe 2044 bththb.exe 2404 fxllllx.exe 1700 3xrxrlf.exe 1680 3ttthh.exe 1416 vvpvj.exe 1108 rlxlrrf.exe 1124 rlfxlfl.exe 2332 nhbhtt.exe 964 vpjdd.exe 860 xllffrf.exe -
resource yara_rule behavioral1/memory/1952-0-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2456-9-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2492-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2492-26-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2784-37-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2624-36-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2388-48-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2784-45-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2652-57-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2428-73-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/384-90-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2720-106-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1360-114-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1556-124-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1796-142-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/644-150-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1032-152-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2760-162-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2752-177-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/856-194-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2336-196-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1576-238-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1692-247-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/948-256-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/1484-267-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1008-276-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1448-286-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2448-293-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2448-300-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1516-301-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2936-316-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2516-329-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2784-341-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2408-374-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2352-375-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2724-389-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1664-397-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2248-404-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1572-423-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1572-430-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1680-461-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1124-480-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1304-518-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1080-543-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2308-544-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2104-569-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2388-627-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2600-670-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/1236-683-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2320-708-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2920-850-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2004-882-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2568-895-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2464-932-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2716-950-0x00000000001B0000-0x00000000001DA000-memory.dmp upx behavioral1/memory/1592-959-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1524-972-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/328-979-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/876-1004-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2560-1053-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/964-1060-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/784-1073-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/888-1086-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1724-1099-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1952 wrote to memory of 2456 1952 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 28 PID 1952 wrote to memory of 2456 1952 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 28 PID 1952 wrote to memory of 2456 1952 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 28 PID 1952 wrote to memory of 2456 1952 cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe 28 PID 2456 wrote to memory of 2492 2456 nhtntb.exe 29 PID 2456 wrote to memory of 2492 2456 nhtntb.exe 29 PID 2456 wrote to memory of 2492 2456 nhtntb.exe 29 PID 2456 wrote to memory of 2492 2456 nhtntb.exe 29 PID 2492 wrote to memory of 2624 2492 7xfxxxr.exe 30 PID 2492 wrote to memory of 2624 2492 7xfxxxr.exe 30 PID 2492 wrote to memory of 2624 2492 7xfxxxr.exe 30 PID 2492 wrote to memory of 2624 2492 7xfxxxr.exe 30 PID 2624 wrote to memory of 2784 2624 xlfflrx.exe 31 PID 2624 wrote to memory of 2784 2624 xlfflrx.exe 31 PID 2624 wrote to memory of 2784 2624 xlfflrx.exe 31 PID 2624 wrote to memory of 2784 2624 xlfflrx.exe 31 PID 2784 wrote to memory of 2388 2784 9dppj.exe 32 PID 2784 wrote to memory of 2388 2784 9dppj.exe 32 PID 2784 wrote to memory of 2388 2784 9dppj.exe 32 PID 2784 wrote to memory of 2388 2784 9dppj.exe 32 PID 2388 wrote to memory of 2652 2388 rfxflll.exe 33 PID 2388 wrote to memory of 2652 2388 rfxflll.exe 33 PID 2388 wrote to memory of 2652 2388 rfxflll.exe 33 PID 2388 wrote to memory of 2652 2388 rfxflll.exe 33 PID 2652 wrote to memory of 2428 2652 xrfllfl.exe 34 PID 2652 wrote to memory of 2428 2652 xrfllfl.exe 34 PID 2652 wrote to memory of 2428 2652 xrfllfl.exe 34 PID 2652 wrote to memory of 2428 2652 xrfllfl.exe 34 PID 2428 wrote to memory of 2872 2428 pjvpj.exe 35 PID 2428 wrote to memory of 2872 2428 pjvpj.exe 35 PID 2428 wrote to memory of 2872 2428 pjvpj.exe 35 PID 2428 wrote to memory of 2872 2428 pjvpj.exe 35 PID 2872 wrote to memory of 384 2872 7rllrrl.exe 36 PID 2872 wrote to memory of 384 2872 7rllrrl.exe 36 PID 2872 wrote to 
memory of 384 2872 7rllrrl.exe 36 PID 2872 wrote to memory of 384 2872 7rllrrl.exe 36 PID 384 wrote to memory of 2548 384 7thhnh.exe 37 PID 384 wrote to memory of 2548 384 7thhnh.exe 37 PID 384 wrote to memory of 2548 384 7thhnh.exe 37 PID 384 wrote to memory of 2548 384 7thhnh.exe 37 PID 2548 wrote to memory of 2720 2548 5vjjp.exe 38 PID 2548 wrote to memory of 2720 2548 5vjjp.exe 38 PID 2548 wrote to memory of 2720 2548 5vjjp.exe 38 PID 2548 wrote to memory of 2720 2548 5vjjp.exe 38 PID 2720 wrote to memory of 1360 2720 rfrlrlr.exe 39 PID 2720 wrote to memory of 1360 2720 rfrlrlr.exe 39 PID 2720 wrote to memory of 1360 2720 rfrlrlr.exe 39 PID 2720 wrote to memory of 1360 2720 rfrlrlr.exe 39 PID 1360 wrote to memory of 1556 1360 7bhhnh.exe 40 PID 1360 wrote to memory of 1556 1360 7bhhnh.exe 40 PID 1360 wrote to memory of 1556 1360 7bhhnh.exe 40 PID 1360 wrote to memory of 1556 1360 7bhhnh.exe 40 PID 1556 wrote to memory of 1560 1556 9jpdj.exe 41 PID 1556 wrote to memory of 1560 1556 9jpdj.exe 41 PID 1556 wrote to memory of 1560 1556 9jpdj.exe 41 PID 1556 wrote to memory of 1560 1556 9jpdj.exe 41 PID 1560 wrote to memory of 1796 1560 rlflxfr.exe 42 PID 1560 wrote to memory of 1796 1560 rlflxfr.exe 42 PID 1560 wrote to memory of 1796 1560 rlflxfr.exe 42 PID 1560 wrote to memory of 1796 1560 rlflxfr.exe 42 PID 1796 wrote to memory of 644 1796 5bnnhh.exe 43 PID 1796 wrote to memory of 644 1796 5bnnhh.exe 43 PID 1796 wrote to memory of 644 1796 5bnnhh.exe 43 PID 1796 wrote to memory of 644 1796 5bnnhh.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\cf58772b0e081fe51838564c365befa0_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:1952 -
\??\c:\nhtntb.exec:\nhtntb.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\7xfxxxr.exec:\7xfxxxr.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2492 -
\??\c:\xlfflrx.exec:\xlfflrx.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2624 -
\??\c:\9dppj.exec:\9dppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2784 -
\??\c:\rfxflll.exec:\rfxflll.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\xrfllfl.exec:\xrfllfl.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2652 -
\??\c:\pjvpj.exec:\pjvpj.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2428 -
\??\c:\7rllrrl.exec:\7rllrrl.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2872 -
\??\c:\7thhnh.exec:\7thhnh.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:384 -
\??\c:\5vjjp.exec:\5vjjp.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\rfrlrlr.exec:\rfrlrlr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2720 -
\??\c:\7bhhnh.exec:\7bhhnh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1360 -
\??\c:\9jpdj.exec:\9jpdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1556 -
\??\c:\rlflxfr.exec:\rlflxfr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1560 -
\??\c:\5bnnhh.exec:\5bnnhh.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1796 -
\??\c:\3pddj.exec:\3pddj.exe17⤵
- Executes dropped EXE
PID:644 -
\??\c:\xlxrllr.exec:\xlxrllr.exe18⤵
- Executes dropped EXE
PID:1032 -
\??\c:\jjdjv.exec:\jjdjv.exe19⤵
- Executes dropped EXE
PID:2760 -
\??\c:\jvvpp.exec:\jvvpp.exe20⤵
- Executes dropped EXE
PID:2752 -
\??\c:\5hhnbh.exec:\5hhnbh.exe21⤵
- Executes dropped EXE
PID:600 -
\??\c:\thbbnn.exec:\thbbnn.exe22⤵
- Executes dropped EXE
PID:856 -
\??\c:\rlffrxl.exec:\rlffrxl.exe23⤵
- Executes dropped EXE
PID:2336 -
\??\c:\hhbhbb.exec:\hhbhbb.exe24⤵
- Executes dropped EXE
PID:2292 -
\??\c:\jdddv.exec:\jdddv.exe25⤵
- Executes dropped EXE
PID:2976 -
\??\c:\3xrxrxl.exec:\3xrxrxl.exe26⤵
- Executes dropped EXE
PID:1288 -
\??\c:\9bbhbh.exec:\9bbhbh.exe27⤵
- Executes dropped EXE
PID:1576 -
\??\c:\vdjdd.exec:\vdjdd.exe28⤵
- Executes dropped EXE
PID:1692 -
\??\c:\3rrfffl.exec:\3rrfffl.exe29⤵
- Executes dropped EXE
PID:948 -
\??\c:\bthnbb.exec:\bthnbb.exe30⤵
- Executes dropped EXE
PID:2236 -
\??\c:\pjjpd.exec:\pjjpd.exe31⤵
- Executes dropped EXE
PID:1484 -
\??\c:\9rfxxff.exec:\9rfxxff.exe32⤵
- Executes dropped EXE
PID:1008 -
\??\c:\vvdpj.exec:\vvdpj.exe33⤵
- Executes dropped EXE
PID:1448 -
\??\c:\jvjdp.exec:\jvjdp.exe34⤵
- Executes dropped EXE
PID:2448 -
\??\c:\rlffxlr.exec:\rlffxlr.exe35⤵
- Executes dropped EXE
PID:1516 -
\??\c:\hbhnnn.exec:\hbhnnn.exe36⤵
- Executes dropped EXE
PID:2936 -
\??\c:\jjddj.exec:\jjddj.exe37⤵
- Executes dropped EXE
PID:2636 -
\??\c:\lfrfrxx.exec:\lfrfrxx.exe38⤵
- Executes dropped EXE
PID:2668 -
\??\c:\5btbhb.exec:\5btbhb.exe39⤵
- Executes dropped EXE
PID:2516 -
\??\c:\pjdjv.exec:\pjdjv.exe40⤵
- Executes dropped EXE
PID:2784 -
\??\c:\frflllr.exec:\frflllr.exe41⤵
- Executes dropped EXE
PID:2696 -
\??\c:\5nhnbb.exec:\5nhnbb.exe42⤵
- Executes dropped EXE
PID:2380 -
\??\c:\ddpvj.exec:\ddpvj.exe43⤵
- Executes dropped EXE
PID:2440 -
\??\c:\rfrlrfl.exec:\rfrlrfl.exe44⤵
- Executes dropped EXE
PID:2900 -
\??\c:\hhntbb.exec:\hhntbb.exe45⤵
- Executes dropped EXE
PID:2408 -
\??\c:\vppjd.exec:\vppjd.exe46⤵
- Executes dropped EXE
PID:2352 -
\??\c:\fxlfrrx.exec:\fxlfrrx.exe47⤵
- Executes dropped EXE
PID:2572 -
\??\c:\xlfxfxf.exec:\xlfxfxf.exe48⤵
- Executes dropped EXE
PID:2724 -
\??\c:\nhbntt.exec:\nhbntt.exe49⤵
- Executes dropped EXE
PID:1664 -
\??\c:\jjvdp.exec:\jjvdp.exe50⤵
- Executes dropped EXE
PID:2248 -
\??\c:\1xffrrf.exec:\1xffrrf.exe51⤵
- Executes dropped EXE
PID:1780 -
\??\c:\bthbht.exec:\bthbht.exe52⤵
- Executes dropped EXE
PID:1604 -
\??\c:\vvjjd.exec:\vvjjd.exe53⤵
- Executes dropped EXE
PID:1572 -
\??\c:\lxlflfl.exec:\lxlflfl.exe54⤵
- Executes dropped EXE
PID:1264 -
\??\c:\9xrrrrx.exec:\9xrrrrx.exe55⤵
- Executes dropped EXE
PID:876 -
\??\c:\bththb.exec:\bththb.exe56⤵
- Executes dropped EXE
PID:2044 -
\??\c:\fxllllx.exec:\fxllllx.exe57⤵
- Executes dropped EXE
PID:2404 -
\??\c:\3xrxrlf.exec:\3xrxrlf.exe58⤵
- Executes dropped EXE
PID:1700 -
\??\c:\3ttthh.exec:\3ttthh.exe59⤵
- Executes dropped EXE
PID:1680 -
\??\c:\vvpvj.exec:\vvpvj.exe60⤵
- Executes dropped EXE
PID:1416 -
\??\c:\rlxlrrf.exec:\rlxlrrf.exe61⤵
- Executes dropped EXE
PID:1108 -
\??\c:\rlfxlfl.exec:\rlfxlfl.exe62⤵
- Executes dropped EXE
PID:1124 -
\??\c:\nhbhtt.exec:\nhbhtt.exe63⤵
- Executes dropped EXE
PID:2332 -
\??\c:\vpjdd.exec:\vpjdd.exe64⤵
- Executes dropped EXE
PID:964 -
\??\c:\xllffrf.exec:\xllffrf.exe65⤵
- Executes dropped EXE
PID:860 -
\??\c:\thhhhh.exec:\thhhhh.exe66⤵PID:1492
-
\??\c:\bnbbbn.exec:\bnbbbn.exe67⤵PID:972
-
\??\c:\pdvvj.exec:\pdvvj.exe68⤵PID:1304
-
\??\c:\1xrlrlr.exec:\1xrlrlr.exe69⤵PID:292
-
\??\c:\flrxrrx.exec:\flrxrrx.exe70⤵PID:572
-
\??\c:\hthhtt.exec:\hthhtt.exe71⤵PID:1080
-
\??\c:\jvjdv.exec:\jvjdv.exe72⤵PID:2308
-
\??\c:\9vjjv.exec:\9vjjv.exe73⤵PID:1128
-
\??\c:\7lfxllx.exec:\7lfxllx.exe74⤵PID:3068
-
\??\c:\nbhhnh.exec:\nbhhnh.exe75⤵PID:2212
-
\??\c:\9jdpv.exec:\9jdpv.exe76⤵PID:2104
-
\??\c:\9ffflrf.exec:\9ffflrf.exe77⤵PID:3032
-
\??\c:\rfrrflr.exec:\rfrrflr.exe78⤵PID:2076
-
\??\c:\hhbntb.exec:\hhbntb.exe79⤵PID:2644
-
\??\c:\jdpvd.exec:\jdpvd.exe80⤵PID:2796
-
\??\c:\rfxflxf.exec:\rfxflxf.exe81⤵PID:2520
-
\??\c:\hbtthh.exec:\hbtthh.exe82⤵PID:2668
-
\??\c:\dpdpp.exec:\dpdpp.exe83⤵PID:2516
-
\??\c:\9dpjj.exec:\9dpjj.exe84⤵PID:2364
-
\??\c:\rrlxfll.exec:\rrlxfll.exe85⤵PID:2388
-
\??\c:\3httbt.exec:\3httbt.exe86⤵PID:2384
-
\??\c:\vddpv.exec:\vddpv.exe87⤵PID:2440
-
\??\c:\dvddj.exec:\dvddj.exe88⤵PID:2948
-
\??\c:\rrfrffl.exec:\rrfrffl.exe89⤵PID:1624
-
\??\c:\thhhbh.exec:\thhhbh.exe90⤵PID:1608
-
\??\c:\1vvvp.exec:\1vvvp.exe91⤵PID:2708
-
\??\c:\5lfrrxl.exec:\5lfrrxl.exe92⤵PID:2600
-
\??\c:\rlfxflx.exec:\rlfxflx.exe93⤵PID:1360
-
\??\c:\bthtbh.exec:\bthtbh.exe94⤵PID:1236
-
\??\c:\dvjpv.exec:\dvjpv.exe95⤵PID:1620
-
\??\c:\xflrxfl.exec:\xflrxfl.exe96⤵PID:328
-
\??\c:\lfrrxrf.exec:\lfrrxrf.exe97⤵PID:2584
-
\??\c:\nnnhnt.exec:\nnnhnt.exe98⤵PID:2320
-
\??\c:\pjvjd.exec:\pjvjd.exe99⤵PID:1264
-
\??\c:\dvdjv.exec:\dvdjv.exe100⤵PID:876
-
\??\c:\9xlxxrx.exec:\9xlxxrx.exe101⤵PID:2044
-
\??\c:\lfrrlrx.exec:\lfrrlrx.exe102⤵PID:1924
-
\??\c:\hhhhtt.exec:\hhhhtt.exe103⤵PID:1700
-
\??\c:\1jvvv.exec:\1jvvv.exe104⤵PID:2940
-
\??\c:\dpddj.exec:\dpddj.exe105⤵PID:1084
-
\??\c:\xlrlxxl.exec:\xlrlxxl.exe106⤵PID:912
-
\??\c:\tnbbbb.exec:\tnbbbb.exe107⤵PID:852
-
\??\c:\hbntnt.exec:\hbntnt.exe108⤵PID:2972
-
\??\c:\7vjjd.exec:\7vjjd.exe109⤵PID:964
-
\??\c:\1fllxxf.exec:\1fllxxf.exe110⤵PID:380
-
\??\c:\xlffllr.exec:\xlffllr.exe111⤵PID:1492
-
\??\c:\nbtthh.exec:\nbtthh.exe112⤵PID:972
-
\??\c:\vvjjp.exec:\vvjjp.exe113⤵PID:2264
-
\??\c:\1pvpd.exec:\1pvpd.exe114⤵PID:1908
-
\??\c:\ffxlrrr.exec:\ffxlrrr.exe115⤵PID:1220
-
\??\c:\5bnhnn.exec:\5bnhnn.exe116⤵PID:1080
-
\??\c:\hbnthh.exec:\hbnthh.exe117⤵PID:1564
-
\??\c:\5vpjv.exec:\5vpjv.exe118⤵PID:2992
-
\??\c:\1lrrffx.exec:\1lrrffx.exe119⤵PID:1628
-
\??\c:\rlxxflr.exec:\rlxxflr.exe120⤵PID:896
-
\??\c:\tthhhn.exec:\tthhhn.exe121⤵PID:2920
-
\??\c:\pjpvj.exec:\pjpvj.exe122⤵PID:1540
-