Analysis
-
max time kernel
135s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system -
submitted
03-06-2024 13:29
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe
-
Size
449KB
-
MD5
a4faa0645cc9d0916ff2fc1d96d8e520
-
SHA1
e71892e3261c60fe4997ceb9b7beabb8b4336605
-
SHA256
ff950dd8dd7679b615d977b63e739fd35c0a58c739ca34a310dd84731f1cb116
-
SHA512
335c2de10283e4f3c40863accabce7286266814798cac751cdde2268504c45e6747f2446239231853e48d371d147ab1c8a9189e488112e68a28b76e8cbf91630
-
SSDEEP
6144:8cm7ImGddXmNt251UriZFwfsDX2UznsaFVNJCMKAbel:q7Tc2NYHUrAwfMp3CDl
Malware Config
Signatures
-
Detect Blackmoon payload 45 IoCs
resource yara_rule behavioral1/memory/2312-8-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2828-20-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2500-30-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1888-17-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2672-46-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2616-56-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2388-59-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2528-75-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/292-96-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1160-93-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/1160-92-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/292-99-0x0000000000320000-0x000000000034A000-memory.dmp family_blackmoon behavioral1/memory/2568-115-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/836-112-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2568-119-0x0000000000260000-0x000000000028A000-memory.dmp family_blackmoon behavioral1/memory/2568-124-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2528-118-0x00000000002C0000-0x00000000002EA000-memory.dmp family_blackmoon behavioral1/memory/1620-143-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1136-151-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2180-170-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2740-197-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon 
behavioral1/memory/772-207-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2768-216-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2936-225-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2084-235-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1844-265-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1952-270-0x0000000001C80000-0x0000000001CAA000-memory.dmp family_blackmoon behavioral1/memory/1548-280-0x00000000003C0000-0x00000000003EA000-memory.dmp family_blackmoon behavioral1/memory/1652-295-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/1652-294-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2088-319-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2056-327-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2056-326-0x00000000001B0000-0x00000000001DA000-memory.dmp family_blackmoon behavioral1/memory/2136-358-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2468-379-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2844-397-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2592-431-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1980-445-0x0000000000220000-0x000000000024A000-memory.dmp family_blackmoon behavioral1/memory/2020-448-0x0000000000230000-0x000000000025A000-memory.dmp family_blackmoon behavioral1/memory/2716-490-0x0000000000430000-0x000000000045A000-memory.dmp family_blackmoon behavioral1/memory/2700-542-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/1492-556-0x0000000000330000-0x000000000035A000-memory.dmp family_blackmoon 
behavioral1/memory/2980-617-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2760-663-0x0000000000400000-0x000000000042A000-memory.dmp family_blackmoon behavioral1/memory/2680-695-0x0000000000320000-0x000000000034A000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
pid Process 1888 blxdfdx.exe 2828 hnflh.exe 2500 dhhtr.exe 2672 nfrfr.exe 2616 lfvnvp.exe 2388 xpbvbx.exe 2528 xpnxnn.exe 2404 tjbvnrh.exe 1160 hjbldd.exe 292 npfnvnn.exe 836 njfnv.exe 2568 ttrhpdr.exe 1532 frrflnd.exe 1620 rvfbrr.exe 1136 vtrdp.exe 1540 ddhhdhx.exe 2180 txlbt.exe 2716 drrlvn.exe 1644 rvvtbrn.exe 2740 jtnpxj.exe 772 nfjnfd.exe 2768 rddpn.exe 2936 htxdpvp.exe 2084 vnvhlv.exe 1804 phdvdp.exe 980 dtfnj.exe 1844 lljff.exe 1952 dtbrntt.exe 1548 jvtrhll.exe 1652 trvjjt.exe 3060 rndfxn.exe 2980 nltnbl.exe 2088 jrxlv.exe 2056 nrdjv.exe 1536 lrplrln.exe 2828 lljtt.exe 2924 rnjplj.exe 2772 rxfvf.exe 2136 hvbpvtt.exe 2676 vjrxlbh.exe 2652 xhrbtl.exe 2376 tvvjp.exe 2468 bffpp.exe 2244 bxhxjl.exe 2844 fhntfr.exe 696 fdhlfb.exe 1160 bfrlf.exe 2020 tftpdnt.exe 2340 fldxtdr.exe 2592 xtlffd.exe 1800 fvvllx.exe 1980 lhrrpn.exe 1524 bnrnnn.exe 1104 pntxfp.exe 1984 ntbfhjj.exe 1540 bfxxj.exe 1692 blvpjn.exe 2716 tvddf.exe 1112 rbrjtr.exe 1596 jpdhhnd.exe 524 ddjpb.exe 2780 flvnlf.exe 1832 djpbf.exe 1468 rbndftx.exe -
resource yara_rule behavioral1/memory/1888-10-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2312-8-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2828-20-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2500-30-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1888-17-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2672-46-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2616-47-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2616-56-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2388-59-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2528-67-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2528-75-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/292-96-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1160-92-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2568-115-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/836-112-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2568-124-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1620-143-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1136-151-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2180-162-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2180-170-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2740-188-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2740-197-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/772-207-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2768-216-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2936-225-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2084-227-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2084-235-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1844-265-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3060-297-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1652-294-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2088-319-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2136-358-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2468-379-0x0000000000220000-0x000000000024A000-memory.dmp upx behavioral1/memory/2136-390-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2844-397-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2592-423-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2592-426-0x00000000002A0000-0x00000000002CA000-memory.dmp upx behavioral1/memory/2592-431-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1984-459-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1692-476-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2716-490-0x0000000000430000-0x000000000045A000-memory.dmp upx behavioral1/memory/524-503-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1468-522-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2700-535-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2700-542-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1492-549-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2816-563-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/1908-578-0x0000000000400000-0x000000000042A000-memory.dmp upx 
behavioral1/memory/2980-617-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3056-643-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2760-663-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/2476-685-0x0000000000400000-0x000000000042A000-memory.dmp upx behavioral1/memory/3024-692-0x0000000000400000-0x000000000042A000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 2312 wrote to memory of 1888 2312 a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe 28 PID 2312 wrote to memory of 1888 2312 a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe 28 PID 2312 wrote to memory of 1888 2312 a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe 28 PID 2312 wrote to memory of 1888 2312 a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe 28 PID 1888 wrote to memory of 2828 1888 blxdfdx.exe 29 PID 1888 wrote to memory of 2828 1888 blxdfdx.exe 29 PID 1888 wrote to memory of 2828 1888 blxdfdx.exe 29 PID 1888 wrote to memory of 2828 1888 blxdfdx.exe 29 PID 2828 wrote to memory of 2500 2828 hnflh.exe 30 PID 2828 wrote to memory of 2500 2828 hnflh.exe 30 PID 2828 wrote to memory of 2500 2828 hnflh.exe 30 PID 2828 wrote to memory of 2500 2828 hnflh.exe 30 PID 2500 wrote to memory of 2672 2500 dhhtr.exe 31 PID 2500 wrote to memory of 2672 2500 dhhtr.exe 31 PID 2500 wrote to memory of 2672 2500 dhhtr.exe 31 PID 2500 wrote to memory of 2672 2500 dhhtr.exe 31 PID 2672 wrote to memory of 2616 2672 nfrfr.exe 32 PID 2672 wrote to memory of 2616 2672 nfrfr.exe 32 PID 2672 wrote to memory of 2616 2672 nfrfr.exe 32 PID 2672 wrote to memory of 2616 2672 nfrfr.exe 32 PID 2616 wrote to memory of 2388 2616 lfvnvp.exe 33 PID 2616 wrote to memory of 2388 2616 lfvnvp.exe 33 PID 2616 wrote to memory of 2388 2616 lfvnvp.exe 33 PID 2616 wrote to memory of 2388 2616 lfvnvp.exe 33 PID 2388 wrote to memory of 2528 2388 xpbvbx.exe 34 PID 2388 wrote to memory of 2528 2388 xpbvbx.exe 34 PID 2388 wrote to memory of 2528 2388 xpbvbx.exe 34 PID 2388 wrote to memory of 2528 2388 xpbvbx.exe 34 PID 2528 wrote to memory of 2404 2528 xpnxnn.exe 35 PID 2528 wrote to memory of 2404 2528 xpnxnn.exe 35 PID 2528 wrote to memory of 2404 2528 xpnxnn.exe 35 PID 2528 wrote to memory of 2404 2528 xpnxnn.exe 35 PID 2404 wrote to memory of 1160 2404 tjbvnrh.exe 36 PID 2404 wrote to memory of 1160 2404 tjbvnrh.exe 36 PID 2404 wrote to memory of 1160 
2404 tjbvnrh.exe 36 PID 2404 wrote to memory of 1160 2404 tjbvnrh.exe 36 PID 1160 wrote to memory of 292 1160 hjbldd.exe 37 PID 1160 wrote to memory of 292 1160 hjbldd.exe 37 PID 1160 wrote to memory of 292 1160 hjbldd.exe 37 PID 1160 wrote to memory of 292 1160 hjbldd.exe 37 PID 292 wrote to memory of 836 292 npfnvnn.exe 38 PID 292 wrote to memory of 836 292 npfnvnn.exe 38 PID 292 wrote to memory of 836 292 npfnvnn.exe 38 PID 292 wrote to memory of 836 292 npfnvnn.exe 38 PID 836 wrote to memory of 2568 836 njfnv.exe 39 PID 836 wrote to memory of 2568 836 njfnv.exe 39 PID 836 wrote to memory of 2568 836 njfnv.exe 39 PID 836 wrote to memory of 2568 836 njfnv.exe 39 PID 2568 wrote to memory of 1532 2568 ttrhpdr.exe 40 PID 2568 wrote to memory of 1532 2568 ttrhpdr.exe 40 PID 2568 wrote to memory of 1532 2568 ttrhpdr.exe 40 PID 2568 wrote to memory of 1532 2568 ttrhpdr.exe 40 PID 1532 wrote to memory of 1620 1532 frrflnd.exe 41 PID 1532 wrote to memory of 1620 1532 frrflnd.exe 41 PID 1532 wrote to memory of 1620 1532 frrflnd.exe 41 PID 1532 wrote to memory of 1620 1532 frrflnd.exe 41 PID 1620 wrote to memory of 1136 1620 rvfbrr.exe 42 PID 1620 wrote to memory of 1136 1620 rvfbrr.exe 42 PID 1620 wrote to memory of 1136 1620 rvfbrr.exe 42 PID 1620 wrote to memory of 1136 1620 rvfbrr.exe 42 PID 1136 wrote to memory of 1540 1136 vtrdp.exe 43 PID 1136 wrote to memory of 1540 1136 vtrdp.exe 43 PID 1136 wrote to memory of 1540 1136 vtrdp.exe 43 PID 1136 wrote to memory of 1540 1136 vtrdp.exe 43
Processes
-
C:\Users\Admin\AppData\Local\Temp\a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe "C:\Users\Admin\AppData\Local\Temp\a4faa0645cc9d0916ff2fc1d96d8e520_NeikiAnalytics.exe" 1⤵
- Suspicious use of WriteProcessMemory
PID:2312 -
\??\c:\blxdfdx.exe c:\blxdfdx.exe 2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1888 -
\??\c:\hnflh.exec:\hnflh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2828 -
\??\c:\dhhtr.exec:\dhhtr.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\nfrfr.exec:\nfrfr.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2672 -
\??\c:\lfvnvp.exec:\lfvnvp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2616 -
\??\c:\xpbvbx.exec:\xpbvbx.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2388 -
\??\c:\xpnxnn.exec:\xpnxnn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2528 -
\??\c:\tjbvnrh.exec:\tjbvnrh.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2404 -
\??\c:\hjbldd.exec:\hjbldd.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1160 -
\??\c:\npfnvnn.exec:\npfnvnn.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:292 -
\??\c:\njfnv.exec:\njfnv.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:836 -
\??\c:\ttrhpdr.exec:\ttrhpdr.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2568 -
\??\c:\frrflnd.exec:\frrflnd.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1532 -
\??\c:\rvfbrr.exec:\rvfbrr.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1620 -
\??\c:\vtrdp.exec:\vtrdp.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1136 -
\??\c:\ddhhdhx.exec:\ddhhdhx.exe17⤵
- Executes dropped EXE
PID:1540 -
\??\c:\txlbt.exec:\txlbt.exe18⤵
- Executes dropped EXE
PID:2180 -
\??\c:\drrlvn.exec:\drrlvn.exe19⤵
- Executes dropped EXE
PID:2716 -
\??\c:\rvvtbrn.exec:\rvvtbrn.exe20⤵
- Executes dropped EXE
PID:1644 -
\??\c:\jtnpxj.exec:\jtnpxj.exe21⤵
- Executes dropped EXE
PID:2740 -
\??\c:\nfjnfd.exec:\nfjnfd.exe22⤵
- Executes dropped EXE
PID:772 -
\??\c:\rddpn.exec:\rddpn.exe23⤵
- Executes dropped EXE
PID:2768 -
\??\c:\htxdpvp.exec:\htxdpvp.exe24⤵
- Executes dropped EXE
PID:2936 -
\??\c:\vnvhlv.exec:\vnvhlv.exe25⤵
- Executes dropped EXE
PID:2084 -
\??\c:\phdvdp.exec:\phdvdp.exe26⤵
- Executes dropped EXE
PID:1804 -
\??\c:\dtfnj.exec:\dtfnj.exe27⤵
- Executes dropped EXE
PID:980 -
\??\c:\lljff.exec:\lljff.exe28⤵
- Executes dropped EXE
PID:1844 -
\??\c:\dtbrntt.exec:\dtbrntt.exe29⤵
- Executes dropped EXE
PID:1952 -
\??\c:\jvtrhll.exec:\jvtrhll.exe30⤵
- Executes dropped EXE
PID:1548 -
\??\c:\trvjjt.exec:\trvjjt.exe31⤵
- Executes dropped EXE
PID:1652 -
\??\c:\rndfxn.exec:\rndfxn.exe32⤵
- Executes dropped EXE
PID:3060 -
\??\c:\nltnbl.exec:\nltnbl.exe33⤵
- Executes dropped EXE
PID:2980 -
\??\c:\jrxlv.exec:\jrxlv.exe34⤵
- Executes dropped EXE
PID:2088 -
\??\c:\nrdjv.exec:\nrdjv.exe35⤵
- Executes dropped EXE
PID:2056 -
\??\c:\lrplrln.exec:\lrplrln.exe36⤵
- Executes dropped EXE
PID:1536 -
\??\c:\lljtt.exec:\lljtt.exe37⤵
- Executes dropped EXE
PID:2828 -
\??\c:\rnjplj.exec:\rnjplj.exe38⤵
- Executes dropped EXE
PID:2924 -
\??\c:\rxfvf.exec:\rxfvf.exe39⤵
- Executes dropped EXE
PID:2772 -
\??\c:\hvbpvtt.exec:\hvbpvtt.exe40⤵
- Executes dropped EXE
PID:2136 -
\??\c:\vjrxlbh.exec:\vjrxlbh.exe41⤵
- Executes dropped EXE
PID:2676 -
\??\c:\xhrbtl.exec:\xhrbtl.exe42⤵
- Executes dropped EXE
PID:2652 -
\??\c:\tvvjp.exec:\tvvjp.exe43⤵
- Executes dropped EXE
PID:2376 -
\??\c:\bffpp.exec:\bffpp.exe44⤵
- Executes dropped EXE
PID:2468 -
\??\c:\bxhxjl.exec:\bxhxjl.exe45⤵
- Executes dropped EXE
PID:2244 -
\??\c:\fhntfr.exec:\fhntfr.exe46⤵
- Executes dropped EXE
PID:2844 -
\??\c:\fdhlfb.exec:\fdhlfb.exe47⤵
- Executes dropped EXE
PID:696 -
\??\c:\bfrlf.exec:\bfrlf.exe48⤵
- Executes dropped EXE
PID:1160 -
\??\c:\tftpdnt.exec:\tftpdnt.exe49⤵
- Executes dropped EXE
PID:2020 -
\??\c:\fldxtdr.exec:\fldxtdr.exe50⤵
- Executes dropped EXE
PID:2340 -
\??\c:\xtlffd.exec:\xtlffd.exe51⤵
- Executes dropped EXE
PID:2592 -
\??\c:\fvvllx.exec:\fvvllx.exe52⤵
- Executes dropped EXE
PID:1800 -
\??\c:\lhrrpn.exec:\lhrrpn.exe53⤵
- Executes dropped EXE
PID:1980 -
\??\c:\bnrnnn.exec:\bnrnnn.exe54⤵
- Executes dropped EXE
PID:1524 -
\??\c:\pntxfp.exec:\pntxfp.exe55⤵
- Executes dropped EXE
PID:1104 -
\??\c:\ntbfhjj.exec:\ntbfhjj.exe56⤵
- Executes dropped EXE
PID:1984 -
\??\c:\bfxxj.exec:\bfxxj.exe57⤵
- Executes dropped EXE
PID:1540 -
\??\c:\blvpjn.exec:\blvpjn.exe58⤵
- Executes dropped EXE
PID:1692 -
\??\c:\tvddf.exec:\tvddf.exe59⤵
- Executes dropped EXE
PID:2716 -
\??\c:\rbrjtr.exec:\rbrjtr.exe60⤵
- Executes dropped EXE
PID:1112 -
\??\c:\jpdhhnd.exec:\jpdhhnd.exe61⤵
- Executes dropped EXE
PID:1596 -
\??\c:\ddjpb.exec:\ddjpb.exe62⤵
- Executes dropped EXE
PID:524 -
\??\c:\flvnlf.exec:\flvnlf.exe63⤵
- Executes dropped EXE
PID:2780 -
\??\c:\djpbf.exec:\djpbf.exe64⤵
- Executes dropped EXE
PID:1832 -
\??\c:\rbndftx.exec:\rbndftx.exe65⤵
- Executes dropped EXE
PID:1468 -
\??\c:\lbrvnx.exec:\lbrvnx.exe66⤵PID:3020
-
\??\c:\hlbbdvj.exec:\hlbbdvj.exe67⤵PID:2700
-
\??\c:\vrbnlpn.exec:\vrbnlpn.exe68⤵PID:3004
-
\??\c:\dhhlbj.exec:\dhhlbj.exe69⤵PID:1492
-
\??\c:\fxxdt.exec:\fxxdt.exe70⤵PID:1624
-
\??\c:\fxvpfv.exec:\fxvpfv.exe71⤵PID:2816
-
\??\c:\vvxnjfl.exec:\vvxnjfl.exe72⤵PID:2796
-
\??\c:\pdxnfh.exec:\pdxnfh.exe73⤵PID:1908
-
\??\c:\dljvjfh.exec:\dljvjfh.exe74⤵PID:2060
-
\??\c:\fbvlpv.exec:\fbvlpv.exe75⤵PID:2892
-
\??\c:\xhfpb.exec:\xhfpb.exe76⤵PID:1848
-
\??\c:\rhvhhrh.exec:\rhvhhrh.exe77⤵PID:1700
-
\??\c:\ndlhl.exec:\ndlhl.exe78⤵PID:3056
-
\??\c:\ldvljdf.exec:\ldvljdf.exe79⤵PID:2980
-
\??\c:\rhrbx.exec:\rhrbx.exe80⤵PID:2088
-
\??\c:\hnnhd.exec:\hnnhd.exe81⤵PID:1616
-
\??\c:\blxnvt.exec:\blxnvt.exe82⤵PID:1536
-
\??\c:\phbjxtl.exec:\phbjxtl.exe83⤵PID:1404
-
\??\c:\pnrvfjp.exec:\pnrvfjp.exe84⤵PID:2664
-
\??\c:\fxhnxl.exec:\fxhnxl.exe85⤵PID:2760
-
\??\c:\lrtbvv.exec:\lrtbvv.exe86⤵PID:2680
-
\??\c:\jjhfjj.exec:\jjhfjj.exe87⤵PID:2456
-
\??\c:\rdlfphr.exec:\rdlfphr.exe88⤵PID:2520
-
\??\c:\jpxldv.exec:\jpxldv.exe89⤵PID:2476
-
\??\c:\dnhxhj.exec:\dnhxhj.exe90⤵PID:3024
-
\??\c:\nvrpnd.exec:\nvrpnd.exe91⤵PID:1604
-
\??\c:\lvxfdx.exec:\lvxfdx.exe92⤵PID:328
-
\??\c:\bvbnrv.exec:\bvbnrv.exe93⤵PID:1300
-
\??\c:\rfjpdrv.exec:\rfjpdrv.exe94⤵PID:1480
-
\??\c:\xjvnr.exec:\xjvnr.exe95⤵PID:2340
-
\??\c:\nvtbrrt.exec:\nvtbrrt.exe96⤵PID:2592
-
\??\c:\drdntrj.exec:\drdntrj.exe97⤵PID:1164
-
\??\c:\lprnp.exec:\lprnp.exe98⤵PID:1668
-
\??\c:\xbrtvf.exec:\xbrtvf.exe99⤵PID:1948
-
\??\c:\vfdhpr.exec:\vfdhpr.exe100⤵PID:1640
-
\??\c:\jnpvblv.exec:\jnpvblv.exe101⤵PID:944
-
\??\c:\pjdbl.exec:\pjdbl.exe102⤵PID:2180
-
\??\c:\jjhdt.exec:\jjhdt.exe103⤵PID:1592
-
\??\c:\fhpjnt.exec:\fhpjnt.exe104⤵PID:932
-
\??\c:\rhhlv.exec:\rhhlv.exe105⤵PID:2684
-
\??\c:\hnthnd.exec:\hnthnd.exe106⤵PID:2784
-
\??\c:\bhbvhbt.exec:\bhbvhbt.exe107⤵PID:2956
-
\??\c:\lppfnx.exec:\lppfnx.exe108⤵PID:1988
-
\??\c:\trtfthb.exec:\trtfthb.exe109⤵PID:2164
-
\??\c:\brtxp.exec:\brtxp.exe110⤵PID:2984
-
\??\c:\xllxtd.exec:\xllxtd.exe111⤵PID:1100
-
\??\c:\dxjbnbv.exec:\dxjbnbv.exe112⤵PID:1088
-
\??\c:\pbjbnll.exec:\pbjbnll.exe113⤵PID:784
-
\??\c:\frjlpdj.exec:\frjlpdj.exe114⤵PID:1476
-
\??\c:\rfhrnpv.exec:\rfhrnpv.exe115⤵PID:1964
-
\??\c:\jlnvd.exec:\jlnvd.exe116⤵PID:1096
-
\??\c:\ppftxbd.exec:\ppftxbd.exe117⤵PID:1944
-
\??\c:\vlvdfpd.exec:\vlvdfpd.exe118⤵PID:2904
-
\??\c:\hjfnjrn.exec:\hjfnjrn.exe119⤵PID:2272
-
\??\c:\vlfjrf.exec:\vlfjrf.exe120⤵PID:880
-
\??\c:\nbdhbb.exec:\nbdhbb.exe121⤵PID:2300
-
\??\c:\frxhr.exec:\frxhr.exe122⤵PID:1848
-