Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240426-en locale:en-us os:windows10-2004-x64 system -
submitted
22-05-2024 03:55
Behavioral task
behavioral1
Sample
18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe
-
Size
189KB
-
MD5
18a9e65fe4d107bfba5bebad8f92ba40
-
SHA1
909299df8c5f36a47ab5362ab12f018e684a46ff
-
SHA256
38fbc084d1e46d1841a19bb2d65675e2ffb9aa02ce628f0b0cf443f9bddc3600
-
SHA512
d1891be864ba0d4b9fc7a038fc35896044ee318d254dc6f963787740f6b05b6a7d1fe5356deda44f051be2a69caef496cdc79a03fa20fa9420a3b36f6dfd7711
-
SSDEEP
3072:YhOmTsF93UYfwC6GIoutLmxHxae5yLpcgDE4JBuItR8pTsgnKbQFe3+J:Ycm4FmowdHoSLEaTBftapTsyFeOJ
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
resource yara_rule behavioral2/memory/3940-5-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4104-10-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3292-13-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3480-19-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2456-31-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3152-77-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/724-67-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/740-57-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4952-48-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4332-47-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3864-44-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2248-25-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2364-88-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2704-91-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2360-97-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3204-103-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4552-108-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2732-124-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3704-132-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1028-131-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3564-139-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/1348-153-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4704-165-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1664-171-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1612-195-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3348-193-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1876-201-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1192-203-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/536-209-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3988-213-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3044-217-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2880-225-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3292-229-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4008-236-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/532-246-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1724-274-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2964-284-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2620-282-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3088-292-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1828-302-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4016-318-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1988-322-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/3040-330-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4320-339-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3908-353-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1760-359-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3764-363-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2324-373-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5072-385-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/5076-389-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1396-404-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2728-442-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3124-535-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1732-539-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1536-546-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1608-590-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3988-649-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/1536-680-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/656-694-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/2292-724-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/952-747-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/3520-754-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon behavioral2/memory/4024-818-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon 
behavioral2/memory/4848-893-0x0000000000400000-0x0000000000430000-memory.dmp family_blackmoon -
Malware Dropper & Backdoor - Berbew 32 IoCs
Berbew is a backdoor Trojan that can download and install additional malicious software, such as other Trojans, ransomware, and cryptominers. Each entry below is a YARA rule match (family_berbew) on a file captured during this run.
resource yara_rule behavioral2/files/0x0007000000023305-3.dat family_berbew behavioral2/files/0x00070000000234a3-11.dat family_berbew behavioral2/files/0x00070000000234a4-14.dat family_berbew behavioral2/files/0x00070000000234a5-23.dat family_berbew behavioral2/files/0x00070000000234a6-28.dat family_berbew behavioral2/files/0x00070000000234a7-35.dat family_berbew behavioral2/files/0x00070000000234a8-39.dat family_berbew behavioral2/files/0x00070000000234a9-46.dat family_berbew behavioral2/files/0x00070000000234aa-53.dat family_berbew behavioral2/files/0x00070000000234ab-59.dat family_berbew behavioral2/files/0x00070000000234ac-63.dat family_berbew behavioral2/files/0x00070000000234ad-69.dat family_berbew behavioral2/files/0x00070000000234ae-73.dat family_berbew behavioral2/files/0x00070000000234af-81.dat family_berbew behavioral2/files/0x00070000000234b0-86.dat family_berbew behavioral2/files/0x00070000000234b1-94.dat family_berbew behavioral2/files/0x00070000000234b2-100.dat family_berbew behavioral2/files/0x00070000000234b3-105.dat family_berbew behavioral2/files/0x00080000000234a0-111.dat family_berbew behavioral2/files/0x00070000000234b4-116.dat family_berbew behavioral2/files/0x00070000000234b5-121.dat family_berbew behavioral2/files/0x00070000000234b6-128.dat family_berbew behavioral2/files/0x00070000000234b7-136.dat family_berbew behavioral2/files/0x00070000000234b8-141.dat family_berbew behavioral2/files/0x00070000000234b9-146.dat family_berbew behavioral2/files/0x00070000000234ba-151.dat family_berbew behavioral2/files/0x00070000000234bc-158.dat family_berbew behavioral2/files/0x00070000000234bd-162.dat family_berbew behavioral2/files/0x00070000000234be-169.dat family_berbew behavioral2/files/0x00070000000234bf-175.dat family_berbew behavioral2/files/0x00070000000234c0-180.dat family_berbew behavioral2/files/0x00070000000234c1-184.dat family_berbew -
Executes dropped EXE 64 IoCs
pid Process 4104 480860.exe 3292 jpddp.exe 3480 42866.exe 2248 hbhbnn.exe 2456 nbtntt.exe 3864 vpjpd.exe 4952 8282660.exe 4332 xxfxrll.exe 740 jdpdp.exe 724 bbntnh.exe 3152 024482.exe 3112 9hnnhh.exe 2072 ddvdj.exe 2364 rlfxrfx.exe 2704 lxlxrxr.exe 2360 hnbhbh.exe 3204 xlrrfxl.exe 4552 jdjvp.exe 824 862222.exe 2732 26600.exe 1028 ntbbnt.exe 3704 jpddj.exe 3564 0860682.exe 1336 xxlxlrr.exe 1348 86064.exe 2064 4648222.exe 820 xxrrlff.exe 4704 428262.exe 1664 262222.exe 4580 4886600.exe 4992 22440.exe 4236 2882668.exe 3348 1lrffxx.exe 1612 hbnbtb.exe 1876 jdpjp.exe 1192 860062.exe 536 hnbnnn.exe 3988 vpddd.exe 3044 0806266.exe 4520 6080026.exe 1572 jddjd.exe 2880 hnnhnh.exe 3292 3vvpp.exe 3696 jjvvp.exe 4008 dddvj.exe 1600 vdppp.exe 532 46286.exe 4004 2260644.exe 4900 6066246.exe 4844 4462488.exe 3720 5nbbtb.exe 3252 bbhbnh.exe 2300 ttnttn.exe 1740 vdpjp.exe 3588 0628240.exe 2944 lrrrxlf.exe 1724 lrxxxxx.exe 2620 k84822.exe 2964 284822.exe 752 vvppv.exe 3088 bbhbnn.exe 3032 vvpdp.exe 3512 84006.exe 1828 vvddp.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3940 wrote to memory of 4104 3940 18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe 83 PID 3940 wrote to memory of 4104 3940 18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe 83 PID 3940 wrote to memory of 4104 3940 18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe 83 PID 4104 wrote to memory of 3292 4104 480860.exe 84 PID 4104 wrote to memory of 3292 4104 480860.exe 84 PID 4104 wrote to memory of 3292 4104 480860.exe 84 PID 3292 wrote to memory of 3480 3292 jpddp.exe 85 PID 3292 wrote to memory of 3480 3292 jpddp.exe 85 PID 3292 wrote to memory of 3480 3292 jpddp.exe 85 PID 3480 wrote to memory of 2248 3480 42866.exe 86 PID 3480 wrote to memory of 2248 3480 42866.exe 86 PID 3480 wrote to memory of 2248 3480 42866.exe 86 PID 2248 wrote to memory of 2456 2248 hbhbnn.exe 87 PID 2248 wrote to memory of 2456 2248 hbhbnn.exe 87 PID 2248 wrote to memory of 2456 2248 hbhbnn.exe 87 PID 2456 wrote to memory of 3864 2456 nbtntt.exe 88 PID 2456 wrote to memory of 3864 2456 nbtntt.exe 88 PID 2456 wrote to memory of 3864 2456 nbtntt.exe 88 PID 3864 wrote to memory of 4952 3864 vpjpd.exe 89 PID 3864 wrote to memory of 4952 3864 vpjpd.exe 89 PID 3864 wrote to memory of 4952 3864 vpjpd.exe 89 PID 4952 wrote to memory of 4332 4952 8282660.exe 90 PID 4952 wrote to memory of 4332 4952 8282660.exe 90 PID 4952 wrote to memory of 4332 4952 8282660.exe 90 PID 4332 wrote to memory of 740 4332 xxfxrll.exe 91 PID 4332 wrote to memory of 740 4332 xxfxrll.exe 91 PID 4332 wrote to memory of 740 4332 xxfxrll.exe 91 PID 740 wrote to memory of 724 740 jdpdp.exe 92 PID 740 wrote to memory of 724 740 jdpdp.exe 92 PID 740 wrote to memory of 724 740 jdpdp.exe 92 PID 724 wrote to memory of 3152 724 bbntnh.exe 93 PID 724 wrote to memory of 3152 724 bbntnh.exe 93 PID 724 wrote to memory of 3152 724 bbntnh.exe 93 PID 3152 wrote to memory of 3112 3152 024482.exe 94 PID 3152 wrote to memory of 3112 3152 024482.exe 94 PID 3152 wrote to memory of 3112 3152 
024482.exe 94 PID 3112 wrote to memory of 2072 3112 9hnnhh.exe 95 PID 3112 wrote to memory of 2072 3112 9hnnhh.exe 95 PID 3112 wrote to memory of 2072 3112 9hnnhh.exe 95 PID 2072 wrote to memory of 2364 2072 ddvdj.exe 96 PID 2072 wrote to memory of 2364 2072 ddvdj.exe 96 PID 2072 wrote to memory of 2364 2072 ddvdj.exe 96 PID 2364 wrote to memory of 2704 2364 rlfxrfx.exe 97 PID 2364 wrote to memory of 2704 2364 rlfxrfx.exe 97 PID 2364 wrote to memory of 2704 2364 rlfxrfx.exe 97 PID 2704 wrote to memory of 2360 2704 lxlxrxr.exe 98 PID 2704 wrote to memory of 2360 2704 lxlxrxr.exe 98 PID 2704 wrote to memory of 2360 2704 lxlxrxr.exe 98 PID 2360 wrote to memory of 3204 2360 hnbhbh.exe 99 PID 2360 wrote to memory of 3204 2360 hnbhbh.exe 99 PID 2360 wrote to memory of 3204 2360 hnbhbh.exe 99 PID 3204 wrote to memory of 4552 3204 xlrrfxl.exe 100 PID 3204 wrote to memory of 4552 3204 xlrrfxl.exe 100 PID 3204 wrote to memory of 4552 3204 xlrrfxl.exe 100 PID 4552 wrote to memory of 824 4552 jdjvp.exe 101 PID 4552 wrote to memory of 824 4552 jdjvp.exe 101 PID 4552 wrote to memory of 824 4552 jdjvp.exe 101 PID 824 wrote to memory of 2732 824 862222.exe 102 PID 824 wrote to memory of 2732 824 862222.exe 102 PID 824 wrote to memory of 2732 824 862222.exe 102 PID 2732 wrote to memory of 1028 2732 26600.exe 103 PID 2732 wrote to memory of 1028 2732 26600.exe 103 PID 2732 wrote to memory of 1028 2732 26600.exe 103 PID 1028 wrote to memory of 3704 1028 ntbbnt.exe 104
Processes
-
C:\Users\Admin\AppData\Local\Temp\18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\18a9e65fe4d107bfba5bebad8f92ba40_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3940 -
\??\c:\480860.exec:\480860.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4104 -
\??\c:\jpddp.exec:\jpddp.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3292 -
\??\c:\42866.exec:\42866.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3480 -
\??\c:\hbhbnn.exec:\hbhbnn.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2248 -
\??\c:\nbtntt.exec:\nbtntt.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2456 -
\??\c:\vpjpd.exec:\vpjpd.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3864 -
\??\c:\8282660.exec:\8282660.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4952 -
\??\c:\xxfxrll.exec:\xxfxrll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4332 -
\??\c:\jdpdp.exec:\jdpdp.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:740 -
\??\c:\bbntnh.exec:\bbntnh.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:724 -
\??\c:\024482.exec:\024482.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3152 -
\??\c:\9hnnhh.exec:\9hnnhh.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3112 -
\??\c:\ddvdj.exec:\ddvdj.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2072 -
\??\c:\rlfxrfx.exec:\rlfxrfx.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2364 -
\??\c:\lxlxrxr.exec:\lxlxrxr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2704 -
\??\c:\hnbhbh.exec:\hnbhbh.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2360 -
\??\c:\xlrrfxl.exec:\xlrrfxl.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3204 -
\??\c:\jdjvp.exec:\jdjvp.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4552 -
\??\c:\862222.exec:\862222.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:824 -
\??\c:\26600.exec:\26600.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2732 -
\??\c:\ntbbnt.exec:\ntbbnt.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1028 -
\??\c:\jpddj.exec:\jpddj.exe23⤵
- Executes dropped EXE
PID:3704 -
\??\c:\0860682.exec:\0860682.exe24⤵
- Executes dropped EXE
PID:3564 -
\??\c:\xxlxlrr.exec:\xxlxlrr.exe25⤵
- Executes dropped EXE
PID:1336 -
\??\c:\86064.exec:\86064.exe26⤵
- Executes dropped EXE
PID:1348 -
\??\c:\4648222.exec:\4648222.exe27⤵
- Executes dropped EXE
PID:2064 -
\??\c:\xxrrlff.exec:\xxrrlff.exe28⤵
- Executes dropped EXE
PID:820 -
\??\c:\428262.exec:\428262.exe29⤵
- Executes dropped EXE
PID:4704 -
\??\c:\262222.exec:\262222.exe30⤵
- Executes dropped EXE
PID:1664 -
\??\c:\4886600.exec:\4886600.exe31⤵
- Executes dropped EXE
PID:4580 -
\??\c:\22440.exec:\22440.exe32⤵
- Executes dropped EXE
PID:4992 -
\??\c:\2882668.exec:\2882668.exe33⤵
- Executes dropped EXE
PID:4236 -
\??\c:\1lrffxx.exec:\1lrffxx.exe34⤵
- Executes dropped EXE
PID:3348 -
\??\c:\hbnbtb.exec:\hbnbtb.exe35⤵
- Executes dropped EXE
PID:1612 -
\??\c:\jdpjp.exec:\jdpjp.exe36⤵
- Executes dropped EXE
PID:1876 -
\??\c:\860062.exec:\860062.exe37⤵
- Executes dropped EXE
PID:1192 -
\??\c:\hnbnnn.exec:\hnbnnn.exe38⤵
- Executes dropped EXE
PID:536 -
\??\c:\vpddd.exec:\vpddd.exe39⤵
- Executes dropped EXE
PID:3988 -
\??\c:\0806266.exec:\0806266.exe40⤵
- Executes dropped EXE
PID:3044 -
\??\c:\6080026.exec:\6080026.exe41⤵
- Executes dropped EXE
PID:4520 -
\??\c:\jddjd.exec:\jddjd.exe42⤵
- Executes dropped EXE
PID:1572 -
\??\c:\hnnhnh.exec:\hnnhnh.exe43⤵
- Executes dropped EXE
PID:2880 -
\??\c:\3vvpp.exec:\3vvpp.exe44⤵
- Executes dropped EXE
PID:3292 -
\??\c:\jjvvp.exec:\jjvvp.exe45⤵
- Executes dropped EXE
PID:3696 -
\??\c:\dddvj.exec:\dddvj.exe46⤵
- Executes dropped EXE
PID:4008 -
\??\c:\vdppp.exec:\vdppp.exe47⤵
- Executes dropped EXE
PID:1600 -
\??\c:\46286.exec:\46286.exe48⤵
- Executes dropped EXE
PID:532 -
\??\c:\2260644.exec:\2260644.exe49⤵
- Executes dropped EXE
PID:4004 -
\??\c:\6066246.exec:\6066246.exe50⤵
- Executes dropped EXE
PID:4900 -
\??\c:\4462488.exec:\4462488.exe51⤵
- Executes dropped EXE
PID:4844 -
\??\c:\5nbbtb.exec:\5nbbtb.exe52⤵
- Executes dropped EXE
PID:3720 -
\??\c:\bbhbnh.exec:\bbhbnh.exe53⤵
- Executes dropped EXE
PID:3252 -
\??\c:\ttnttn.exec:\ttnttn.exe54⤵
- Executes dropped EXE
PID:2300 -
\??\c:\vdpjp.exec:\vdpjp.exe55⤵
- Executes dropped EXE
PID:1740 -
\??\c:\0628240.exec:\0628240.exe56⤵
- Executes dropped EXE
PID:3588 -
\??\c:\lrrrxlf.exec:\lrrrxlf.exe57⤵
- Executes dropped EXE
PID:2944 -
\??\c:\lrxxxxx.exec:\lrxxxxx.exe58⤵
- Executes dropped EXE
PID:1724 -
\??\c:\k84822.exec:\k84822.exe59⤵
- Executes dropped EXE
PID:2620 -
\??\c:\284822.exec:\284822.exe60⤵
- Executes dropped EXE
PID:2964 -
\??\c:\vvppv.exec:\vvppv.exe61⤵
- Executes dropped EXE
PID:752 -
\??\c:\bbhbnn.exec:\bbhbnn.exe62⤵
- Executes dropped EXE
PID:3088 -
\??\c:\vvpdp.exec:\vvpdp.exe63⤵
- Executes dropped EXE
PID:3032 -
\??\c:\84006.exec:\84006.exe64⤵
- Executes dropped EXE
PID:3512 -
\??\c:\vvddp.exec:\vvddp.exe65⤵
- Executes dropped EXE
PID:1828 -
\??\c:\064284.exec:\064284.exe66⤵PID:788
-
\??\c:\0tnhb.exec:\0tnhb.exe67⤵PID:1100
-
\??\c:\xffrlxx.exec:\xffrlxx.exe68⤵PID:1028
-
\??\c:\hnnthn.exec:\hnnthn.exe69⤵PID:2924
-
\??\c:\hbtttb.exec:\hbtttb.exe70⤵PID:4016
-
\??\c:\2642862.exec:\2642862.exe71⤵PID:3564
-
\??\c:\rflffll.exec:\rflffll.exe72⤵PID:1988
-
\??\c:\hbhhnn.exec:\hbhhnn.exe73⤵PID:316
-
\??\c:\0468884.exec:\0468884.exe74⤵PID:3040
-
\??\c:\4800044.exec:\4800044.exe75⤵PID:820
-
\??\c:\pjpjd.exec:\pjpjd.exe76⤵PID:4320
-
\??\c:\9vvvj.exec:\9vvvj.exe77⤵PID:3444
-
\??\c:\7vdjp.exec:\7vdjp.exe78⤵PID:2896
-
\??\c:\hbbtbb.exec:\hbbtbb.exe79⤵PID:1816
-
\??\c:\bnnbtn.exec:\bnnbtn.exe80⤵PID:4672
-
\??\c:\hbbttb.exec:\hbbttb.exe81⤵PID:3908
-
\??\c:\0866668.exec:\0866668.exe82⤵PID:1760
-
\??\c:\dvjvj.exec:\dvjvj.exe83⤵PID:3764
-
\??\c:\vjvpv.exec:\vjvpv.exe84⤵PID:3116
-
\??\c:\llffffx.exec:\llffffx.exe85⤵PID:400
-
\??\c:\bnhhhh.exec:\bnhhhh.exe86⤵PID:2324
-
\??\c:\nhnnnb.exec:\nhnnnb.exe87⤵PID:1128
-
\??\c:\242022.exec:\242022.exe88⤵PID:4640
-
\??\c:\tbhntt.exec:\tbhntt.exe89⤵PID:2000
-
\??\c:\jpvpv.exec:\jpvpv.exe90⤵PID:5072
-
\??\c:\086066.exec:\086066.exe91⤵PID:5076
-
\??\c:\8404448.exec:\8404448.exe92⤵PID:4324
-
\??\c:\60664.exec:\60664.exe93⤵PID:4728
-
\??\c:\bnhnbn.exec:\bnhnbn.exe94⤵PID:4872
-
\??\c:\2004404.exec:\2004404.exe95⤵PID:1396
-
\??\c:\a0226.exec:\a0226.exe96⤵PID:992
-
\??\c:\vdpjj.exec:\vdpjj.exe97⤵PID:3224
-
\??\c:\jpvpp.exec:\jpvpp.exe98⤵PID:4924
-
\??\c:\htbhth.exec:\htbhth.exe99⤵PID:2332
-
\??\c:\22846.exec:\22846.exe100⤵PID:4900
-
\??\c:\42648.exec:\42648.exe101⤵PID:4528
-
\??\c:\hntnnt.exec:\hntnnt.exe102⤵PID:3720
-
\??\c:\4220806.exec:\4220806.exe103⤵PID:4024
-
\??\c:\lfxlrlr.exec:\lfxlrlr.exe104⤵PID:3120
-
\??\c:\rrxxxxl.exec:\rrxxxxl.exe105⤵PID:5088
-
\??\c:\2440620.exec:\2440620.exe106⤵PID:4464
-
\??\c:\24260.exec:\24260.exe107⤵PID:1944
-
\??\c:\0840400.exec:\0840400.exe108⤵PID:2728
-
\??\c:\nhhnhh.exec:\nhhnhh.exe109⤵PID:752
-
\??\c:\bnhtbn.exec:\bnhtbn.exe110⤵PID:5056
-
\??\c:\4804848.exec:\4804848.exe111⤵PID:824
-
\??\c:\0244448.exec:\0244448.exe112⤵PID:4396
-
\??\c:\4604404.exec:\4604404.exe113⤵PID:1756
-
\??\c:\08842.exec:\08842.exe114⤵PID:2924
-
\??\c:\o020444.exec:\o020444.exe115⤵PID:1068
-
\??\c:\026802.exec:\026802.exe116⤵PID:2464
-
\??\c:\ffflxfr.exec:\ffflxfr.exe117⤵PID:1988
-
\??\c:\04240.exec:\04240.exe118⤵PID:1676
-
\??\c:\flxlxlx.exec:\flxlxlx.exe119⤵PID:3260
-
\??\c:\42062.exec:\42062.exe120⤵PID:820
-
\??\c:\06622.exec:\06622.exe121⤵PID:4712
-
\??\c:\lrxrfxx.exec:\lrxrfxx.exe122⤵PID:1920
-