Analysis
-
max time kernel
153s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20240226-en locale:en-us os:windows10-2004-x64 system -
submitted
21-06-2024 01:57
Behavioral task
behavioral1
Sample
2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe
-
Size
381KB
-
MD5
461d6c8e50b66503d3d32f15d26938a0
-
SHA1
ad1f8eae292b1b3c12c3a7920cacebefd7fd8990
-
SHA256
2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6
-
SHA512
d7ac3955cac0bf7eb75d2cb002b48e8b8f8a753bac8504c8c37e3ba7623342a7841158885f83d6ca4e748a5dc1ca9372afcc4df5bbbb39da3159ba099fa07d71
-
SSDEEP
6144:Ocm4FmowdHoSsm4FIc1/cm4FmowdHoSsiNlcJcmHYC9/jvvfwL+TLPfSRcm4FVoP:w4wFHoSl4h4wFHoS24yTgL+zfu4/FHo3
Malware Config
Signatures
-
Detect Blackmoon payload 64 IoCs
Processes:
resource yara_rule behavioral2/memory/4780-6-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4796-13-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/5068-22-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3280-27-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4832-34-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/568-39-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2020-48-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3688-49-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3688-57-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1604-63-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2004-68-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4524-75-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1008-81-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/880-83-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2536-91-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1008-90-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2536-97-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1608-99-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1608-105-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4432-110-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3064-111-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral2/memory/3064-117-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4280-124-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1208-126-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1412-139-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1208-133-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1344-145-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3812-152-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2212-158-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3560-160-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3560-167-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3460-173-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2504-175-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2504-179-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3068-183-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3068-188-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3336-195-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3336-202-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3744-200-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2816-199-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4420-208-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2816-210-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral2/memory/4420-214-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4068-221-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4752-223-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4752-228-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1744-229-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1744-233-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3028-234-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3028-240-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1000-243-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4260-244-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4260-248-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/2020-253-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3980-258-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/456-263-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4632-268-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/4608-273-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3344-274-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3344-278-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3288-279-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/1352-284-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon behavioral2/memory/3288-283-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon 
behavioral2/memory/872-289-0x0000000000400000-0x0000000000472000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
934n0kq.exe sn31956.exe du0xp.exe 0398f.exe x52u046.exe 60c95.exe 68e3m9h.exe 590rrmw.exe 3u9agq8.exe 74ro0e.exe 8h6799.exe 5w3onl9.exe i5cl7.exe rm4s7.exe 713g628.exe c7fd23.exe 5d37e7.exe peku9.exe c43gg.exe 8bb0978.exe xm3k1s.exe 49j3cii.exe m26n47j.exe 7d7j7x7.exe 927va4.exe 93eqhr.exe 814bq.exe 8to3c40.exe 196tc9t.exe 4dg1563.exe g6la1w.exe 07utudk.exe 2s3s3nn.exe l3992l.exe j1q14uf.exe 5e7gd9.exe aqb7r99.exe dsrp6op.exe e553c97.exe 52r1jg.exe 7k71w7m.exe 895ldx.exe o3nibo9.exe 77w537h.exe 53t34o.exe 2wu2n3.exe 09u8a5.exe 15w4f9q.exe g5721d.exe r76dsmw.exe qh564.exe olrmkb.exe t7f0r9.exe h4kn1ws.exe 39x94i3.exe htuj15.exe 88251h5.exe 0akcc1.exe 63l3sk.exe pauvp.exe 01h1p4p.exe 1j0jj.exe mo79j6.exe e7enfp8.exe
pid process
4796 934n0kq.exe
5068 sn31956.exe
3280 du0xp.exe
4832 0398f.exe
568 x52u046.exe
2020 60c95.exe
3688 68e3m9h.exe
1604 590rrmw.exe
2004 3u9agq8.exe
4524 74ro0e.exe
880 8h6799.exe
1008 5w3onl9.exe
2536 i5cl7.exe
1608 rm4s7.exe
4432 713g628.exe
3064 c7fd23.exe
4280 5d37e7.exe
1208 peku9.exe
1412 c43gg.exe
1344 8bb0978.exe
3812 xm3k1s.exe
2212 49j3cii.exe
3560 m26n47j.exe
3460 7d7j7x7.exe
2504 927va4.exe
3068 93eqhr.exe
3744 814bq.exe
3336 8to3c40.exe
2816 196tc9t.exe
4420 4dg1563.exe
4068 g6la1w.exe
4752 07utudk.exe
1744 2s3s3nn.exe
3028 l3992l.exe
1000 j1q14uf.exe
4260 5e7gd9.exe
2020 aqb7r99.exe
3980 dsrp6op.exe
456 e553c97.exe
4632 52r1jg.exe
4608 7k71w7m.exe
3344 895ldx.exe
3288 o3nibo9.exe
1352 77w537h.exe
872 53t34o.exe
552 2wu2n3.exe
4476 09u8a5.exe
1496 15w4f9q.exe
2108 g5721d.exe
2496 r76dsmw.exe
4280 qh564.exe
968 olrmkb.exe
772 t7f0r9.exe
4848 h4kn1ws.exe
2520 39x94i3.exe
5064 htuj15.exe
3492 88251h5.exe
5100 0akcc1.exe
2372 63l3sk.exe
4128 pauvp.exe
1728 01h1p4p.exe
380 1j0jj.exe
4836 mo79j6.exe
4468 e7enfp8.exe
-
Processes:
resource yara_rule behavioral2/memory/4780-0-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\934n0kq.exe upx behavioral2/memory/4796-7-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/4780-6-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\sn31956.exe upx behavioral2/memory/4796-13-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/5068-11-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\du0xp.exe upx behavioral2/memory/5068-22-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3280-21-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\0398f.exe upx behavioral2/memory/3280-27-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/4832-28-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\x52u046.exe upx behavioral2/memory/4832-34-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/568-35-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\60c95.exe upx behavioral2/memory/2020-43-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/568-39-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\68e3m9h.exe upx behavioral2/memory/2020-48-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3688-49-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\590rrmw.exe upx behavioral2/memory/1604-54-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3688-57-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\3u9agq8.exe upx behavioral2/memory/2004-61-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1604-63-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\74ro0e.exe upx behavioral2/memory/2004-68-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/4524-69-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\8h6799.exe upx behavioral2/memory/4524-75-0x0000000000400000-0x0000000000472000-memory.dmp upx 
behavioral2/memory/880-77-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1008-81-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\5w3onl9.exe upx behavioral2/memory/880-83-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\i5cl7.exe upx behavioral2/memory/2536-91-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1008-90-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\rm4s7.exe upx behavioral2/memory/2536-97-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1608-99-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\713g628.exe upx behavioral2/memory/1608-105-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/4432-103-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\c7fd23.exe upx behavioral2/memory/4432-110-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3064-111-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3064-117-0x0000000000400000-0x0000000000472000-memory.dmp upx C:\5d37e7.exe upx behavioral2/memory/4280-118-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/4280-124-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1208-126-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\peku9.exe upx \??\c:\8bb0978.exe upx behavioral2/memory/1344-140-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1412-139-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1412-135-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/1208-133-0x0000000000400000-0x0000000000472000-memory.dmp upx \??\c:\c43gg.exe upx \??\c:\xm3k1s.exe upx behavioral2/memory/1344-145-0x0000000000400000-0x0000000000472000-memory.dmp upx behavioral2/memory/3812-147-0x0000000000400000-0x0000000000472000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe 934n0kq.exe sn31956.exe du0xp.exe 0398f.exe x52u046.exe 60c95.exe 68e3m9h.exe 590rrmw.exe 3u9agq8.exe 74ro0e.exe 8h6799.exe 5w3onl9.exe i5cl7.exe rm4s7.exe 713g628.exe c7fd23.exe 5d37e7.exe peku9.exe c43gg.exe 8bb0978.exe xm3k1s.exe
description | pid | process | target process
PID 4780 wrote to memory of 4796 | 4780 | 2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe | 934n0kq.exe
PID 4780 wrote to memory of 4796 | 4780 | 2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe | 934n0kq.exe
PID 4780 wrote to memory of 4796 | 4780 | 2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe | 934n0kq.exe
PID 4796 wrote to memory of 5068 | 4796 | 934n0kq.exe | sn31956.exe
PID 4796 wrote to memory of 5068 | 4796 | 934n0kq.exe | sn31956.exe
PID 4796 wrote to memory of 5068 | 4796 | 934n0kq.exe | sn31956.exe
PID 5068 wrote to memory of 3280 | 5068 | sn31956.exe | du0xp.exe
PID 5068 wrote to memory of 3280 | 5068 | sn31956.exe | du0xp.exe
PID 5068 wrote to memory of 3280 | 5068 | sn31956.exe | du0xp.exe
PID 3280 wrote to memory of 4832 | 3280 | du0xp.exe | 0398f.exe
PID 3280 wrote to memory of 4832 | 3280 | du0xp.exe | 0398f.exe
PID 3280 wrote to memory of 4832 | 3280 | du0xp.exe | 0398f.exe
PID 4832 wrote to memory of 568 | 4832 | 0398f.exe | x52u046.exe
PID 4832 wrote to memory of 568 | 4832 | 0398f.exe | x52u046.exe
PID 4832 wrote to memory of 568 | 4832 | 0398f.exe | x52u046.exe
PID 568 wrote to memory of 2020 | 568 | x52u046.exe | 60c95.exe
PID 568 wrote to memory of 2020 | 568 | x52u046.exe | 60c95.exe
PID 568 wrote to memory of 2020 | 568 | x52u046.exe | 60c95.exe
PID 2020 wrote to memory of 3688 | 2020 | 60c95.exe | 68e3m9h.exe
PID 2020 wrote to memory of 3688 | 2020 | 60c95.exe | 68e3m9h.exe
PID 2020 wrote to memory of 3688 | 2020 | 60c95.exe | 68e3m9h.exe
PID 3688 wrote to memory of 1604 | 3688 | 68e3m9h.exe | 590rrmw.exe
PID 3688 wrote to memory of 1604 | 3688 | 68e3m9h.exe | 590rrmw.exe
PID 3688 wrote to memory of 1604 | 3688 | 68e3m9h.exe | 590rrmw.exe
PID 1604 wrote to memory of 2004 | 1604 | 590rrmw.exe | 3u9agq8.exe
PID 1604 wrote to memory of 2004 | 1604 | 590rrmw.exe | 3u9agq8.exe
PID 1604 wrote to memory of 2004 | 1604 | 590rrmw.exe | 3u9agq8.exe
PID 2004 wrote to memory of 4524 | 2004 | 3u9agq8.exe | 74ro0e.exe
PID 2004 wrote to memory of 4524 | 2004 | 3u9agq8.exe | 74ro0e.exe
PID 2004 wrote to memory of 4524 | 2004 | 3u9agq8.exe | 74ro0e.exe
PID 4524 wrote to memory of 880 | 4524 | 74ro0e.exe | 8h6799.exe
PID 4524 wrote to memory of 880 | 4524 | 74ro0e.exe | 8h6799.exe
PID 4524 wrote to memory of 880 | 4524 | 74ro0e.exe | 8h6799.exe
PID 880 wrote to memory of 1008 | 880 | 8h6799.exe | 5w3onl9.exe
PID 880 wrote to memory of 1008 | 880 | 8h6799.exe | 5w3onl9.exe
PID 880 wrote to memory of 1008 | 880 | 8h6799.exe | 5w3onl9.exe
PID 1008 wrote to memory of 2536 | 1008 | 5w3onl9.exe | i5cl7.exe
PID 1008 wrote to memory of 2536 | 1008 | 5w3onl9.exe | i5cl7.exe
PID 1008 wrote to memory of 2536 | 1008 | 5w3onl9.exe | i5cl7.exe
PID 2536 wrote to memory of 1608 | 2536 | i5cl7.exe | rm4s7.exe
PID 2536 wrote to memory of 1608 | 2536 | i5cl7.exe | rm4s7.exe
PID 2536 wrote to memory of 1608 | 2536 | i5cl7.exe | rm4s7.exe
PID 1608 wrote to memory of 4432 | 1608 | rm4s7.exe | 713g628.exe
PID 1608 wrote to memory of 4432 | 1608 | rm4s7.exe | 713g628.exe
PID 1608 wrote to memory of 4432 | 1608 | rm4s7.exe | 713g628.exe
PID 4432 wrote to memory of 3064 | 4432 | 713g628.exe | c7fd23.exe
PID 4432 wrote to memory of 3064 | 4432 | 713g628.exe | c7fd23.exe
PID 4432 wrote to memory of 3064 | 4432 | 713g628.exe | c7fd23.exe
PID 3064 wrote to memory of 4280 | 3064 | c7fd23.exe | 5d37e7.exe
PID 3064 wrote to memory of 4280 | 3064 | c7fd23.exe | 5d37e7.exe
PID 3064 wrote to memory of 4280 | 3064 | c7fd23.exe | 5d37e7.exe
PID 4280 wrote to memory of 1208 | 4280 | 5d37e7.exe | peku9.exe
PID 4280 wrote to memory of 1208 | 4280 | 5d37e7.exe | peku9.exe
PID 4280 wrote to memory of 1208 | 4280 | 5d37e7.exe | peku9.exe
PID 1208 wrote to memory of 1412 | 1208 | peku9.exe | c43gg.exe
PID 1208 wrote to memory of 1412 | 1208 | peku9.exe | c43gg.exe
PID 1208 wrote to memory of 1412 | 1208 | peku9.exe | c43gg.exe
PID 1412 wrote to memory of 1344 | 1412 | c43gg.exe | 8bb0978.exe
PID 1412 wrote to memory of 1344 | 1412 | c43gg.exe | 8bb0978.exe
PID 1412 wrote to memory of 1344 | 1412 | c43gg.exe | 8bb0978.exe
PID 1344 wrote to memory of 3812 | 1344 | 8bb0978.exe | xm3k1s.exe
PID 1344 wrote to memory of 3812 | 1344 | 8bb0978.exe | xm3k1s.exe
PID 1344 wrote to memory of 3812 | 1344 | 8bb0978.exe | xm3k1s.exe
PID 3812 wrote to memory of 2212 | 3812 | xm3k1s.exe | 49j3cii.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2c89c6c5786e48f153c75f36589b4f42d3d3ec96fec7954483b113b0d5ac2ac6_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:4780 -
\??\c:\934n0kq.exec:\934n0kq.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4796 -
\??\c:\sn31956.exec:\sn31956.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:5068 -
\??\c:\du0xp.exec:\du0xp.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3280 -
\??\c:\0398f.exec:\0398f.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4832 -
\??\c:\x52u046.exec:\x52u046.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:568 -
\??\c:\60c95.exec:\60c95.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2020 -
\??\c:\68e3m9h.exec:\68e3m9h.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3688 -
\??\c:\590rrmw.exec:\590rrmw.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1604 -
\??\c:\3u9agq8.exec:\3u9agq8.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
\??\c:\74ro0e.exec:\74ro0e.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4524 -
\??\c:\8h6799.exec:\8h6799.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:880 -
\??\c:\5w3onl9.exec:\5w3onl9.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1008 -
\??\c:\i5cl7.exec:\i5cl7.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2536 -
\??\c:\rm4s7.exec:\rm4s7.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1608 -
\??\c:\713g628.exec:\713g628.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4432 -
\??\c:\c7fd23.exec:\c7fd23.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3064 -
\??\c:\5d37e7.exec:\5d37e7.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4280 -
\??\c:\peku9.exec:\peku9.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1208 -
\??\c:\c43gg.exec:\c43gg.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1412 -
\??\c:\8bb0978.exec:\8bb0978.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1344 -
\??\c:\xm3k1s.exec:\xm3k1s.exe22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3812 -
\??\c:\49j3cii.exec:\49j3cii.exe23⤵
- Executes dropped EXE
PID:2212 -
\??\c:\m26n47j.exec:\m26n47j.exe24⤵
- Executes dropped EXE
PID:3560 -
\??\c:\7d7j7x7.exec:\7d7j7x7.exe25⤵
- Executes dropped EXE
PID:3460 -
\??\c:\927va4.exec:\927va4.exe26⤵
- Executes dropped EXE
PID:2504 -
\??\c:\93eqhr.exec:\93eqhr.exe27⤵
- Executes dropped EXE
PID:3068 -
\??\c:\814bq.exec:\814bq.exe28⤵
- Executes dropped EXE
PID:3744 -
\??\c:\8to3c40.exec:\8to3c40.exe29⤵
- Executes dropped EXE
PID:3336 -
\??\c:\196tc9t.exec:\196tc9t.exe30⤵
- Executes dropped EXE
PID:2816 -
\??\c:\4dg1563.exec:\4dg1563.exe31⤵
- Executes dropped EXE
PID:4420 -
\??\c:\g6la1w.exec:\g6la1w.exe32⤵
- Executes dropped EXE
PID:4068 -
\??\c:\07utudk.exec:\07utudk.exe33⤵
- Executes dropped EXE
PID:4752 -
\??\c:\2s3s3nn.exec:\2s3s3nn.exe34⤵
- Executes dropped EXE
PID:1744 -
\??\c:\l3992l.exec:\l3992l.exe35⤵
- Executes dropped EXE
PID:3028 -
\??\c:\j1q14uf.exec:\j1q14uf.exe36⤵
- Executes dropped EXE
PID:1000 -
\??\c:\5e7gd9.exec:\5e7gd9.exe37⤵
- Executes dropped EXE
PID:4260 -
\??\c:\aqb7r99.exec:\aqb7r99.exe38⤵
- Executes dropped EXE
PID:2020 -
\??\c:\dsrp6op.exec:\dsrp6op.exe39⤵
- Executes dropped EXE
PID:3980 -
\??\c:\e553c97.exec:\e553c97.exe40⤵
- Executes dropped EXE
PID:456 -
\??\c:\52r1jg.exec:\52r1jg.exe41⤵
- Executes dropped EXE
PID:4632 -
\??\c:\7k71w7m.exec:\7k71w7m.exe42⤵
- Executes dropped EXE
PID:4608 -
\??\c:\895ldx.exec:\895ldx.exe43⤵
- Executes dropped EXE
PID:3344 -
\??\c:\o3nibo9.exec:\o3nibo9.exe44⤵
- Executes dropped EXE
PID:3288 -
\??\c:\77w537h.exec:\77w537h.exe45⤵
- Executes dropped EXE
PID:1352 -
\??\c:\53t34o.exec:\53t34o.exe46⤵
- Executes dropped EXE
PID:872 -
\??\c:\2wu2n3.exec:\2wu2n3.exe47⤵
- Executes dropped EXE
PID:552 -
\??\c:\09u8a5.exec:\09u8a5.exe48⤵
- Executes dropped EXE
PID:4476 -
\??\c:\15w4f9q.exec:\15w4f9q.exe49⤵
- Executes dropped EXE
PID:1496 -
\??\c:\g5721d.exec:\g5721d.exe50⤵
- Executes dropped EXE
PID:2108 -
\??\c:\r76dsmw.exec:\r76dsmw.exe51⤵
- Executes dropped EXE
PID:2496 -
\??\c:\qh564.exec:\qh564.exe52⤵
- Executes dropped EXE
PID:4280 -
\??\c:\olrmkb.exec:\olrmkb.exe53⤵
- Executes dropped EXE
PID:968 -
\??\c:\t7f0r9.exec:\t7f0r9.exe54⤵
- Executes dropped EXE
PID:772 -
\??\c:\h4kn1ws.exec:\h4kn1ws.exe55⤵
- Executes dropped EXE
PID:4848 -
\??\c:\39x94i3.exec:\39x94i3.exe56⤵
- Executes dropped EXE
PID:2520 -
\??\c:\htuj15.exec:\htuj15.exe57⤵
- Executes dropped EXE
PID:5064 -
\??\c:\88251h5.exec:\88251h5.exe58⤵
- Executes dropped EXE
PID:3492 -
\??\c:\0akcc1.exec:\0akcc1.exe59⤵
- Executes dropped EXE
PID:5100 -
\??\c:\63l3sk.exec:\63l3sk.exe60⤵
- Executes dropped EXE
PID:2372 -
\??\c:\pauvp.exec:\pauvp.exe61⤵
- Executes dropped EXE
PID:4128 -
\??\c:\01h1p4p.exec:\01h1p4p.exe62⤵
- Executes dropped EXE
PID:1728 -
\??\c:\1j0jj.exec:\1j0jj.exe63⤵
- Executes dropped EXE
PID:380 -
\??\c:\mo79j6.exec:\mo79j6.exe64⤵
- Executes dropped EXE
PID:4836 -
\??\c:\e7enfp8.exec:\e7enfp8.exe65⤵
- Executes dropped EXE
PID:4468 -
\??\c:\e3c7w.exec:\e3c7w.exe66⤵PID:4412
-
\??\c:\967v1.exec:\967v1.exe67⤵PID:3316
-
\??\c:\ff9mag.exec:\ff9mag.exe68⤵PID:4744
-
\??\c:\q1d16.exec:\q1d16.exe69⤵PID:1556
-
\??\c:\4nbq31.exec:\4nbq31.exe70⤵PID:4496
-
\??\c:\6dg48l.exec:\6dg48l.exe71⤵PID:3280
-
\??\c:\t2st5.exec:\t2st5.exe72⤵PID:3820
-
\??\c:\3b43xis.exec:\3b43xis.exe73⤵PID:2172
-
\??\c:\9jnb9.exec:\9jnb9.exe74⤵PID:5104
-
\??\c:\x3586.exec:\x3586.exe75⤵PID:1636
-
\??\c:\dd8qq7x.exec:\dd8qq7x.exe76⤵PID:1448
-
\??\c:\32aq1ul.exec:\32aq1ul.exe77⤵PID:3312
-
\??\c:\xri477.exec:\xri477.exe78⤵PID:1596
-
\??\c:\dehilaq.exec:\dehilaq.exe79⤵PID:220
-
\??\c:\81th4.exec:\81th4.exe80⤵PID:1312
-
\??\c:\541ncx.exec:\541ncx.exe81⤵PID:2912
-
\??\c:\5c6wb.exec:\5c6wb.exe82⤵PID:5116
-
\??\c:\62uf7.exec:\62uf7.exe83⤵PID:2024
-
\??\c:\1lqpl.exec:\1lqpl.exe84⤵PID:3796
-
\??\c:\j7513qh.exec:\j7513qh.exe85⤵PID:2880
-
\??\c:\9sl16.exec:\9sl16.exe86⤵PID:3056
-
\??\c:\6de3e.exec:\6de3e.exe87⤵PID:4432
-
\??\c:\q19ua.exec:\q19ua.exe88⤵PID:3064
-
\??\c:\wul1r.exec:\wul1r.exe89⤵PID:4908
-
\??\c:\30v317.exec:\30v317.exe90⤵PID:2248
-
\??\c:\e1a36.exec:\e1a36.exe91⤵PID:4380
-
\??\c:\k6o77lf.exec:\k6o77lf.exe92⤵PID:2304
-
\??\c:\6jm608n.exec:\6jm608n.exe93⤵PID:3024
-
\??\c:\181fsm.exec:\181fsm.exe94⤵PID:2212
-
\??\c:\r524f.exec:\r524f.exe95⤵PID:3148
-
\??\c:\2lue80f.exec:\2lue80f.exe96⤵PID:488
-
\??\c:\p7c37.exec:\p7c37.exe97⤵PID:4560
-
\??\c:\8dgf11.exec:\8dgf11.exe98⤵PID:2984
-
\??\c:\j5qh7w3.exec:\j5qh7w3.exe99⤵PID:2504
-
\??\c:\nreu4fg.exec:\nreu4fg.exe100⤵PID:4204
-
\??\c:\w9uum.exec:\w9uum.exe101⤵PID:1232
-
\??\c:\2eo55.exec:\2eo55.exe102⤵PID:2376
-
\??\c:\r1ew981.exec:\r1ew981.exe103⤵PID:748
-
\??\c:\b5u14rx.exec:\b5u14rx.exe104⤵PID:2120
-
\??\c:\63tl871.exec:\63tl871.exe105⤵PID:4420
-
\??\c:\fj3rd.exec:\fj3rd.exe106⤵PID:2492
-
\??\c:\of7e928.exec:\of7e928.exe107⤵PID:4620
-
\??\c:\06s8p.exec:\06s8p.exe108⤵PID:940
-
\??\c:\169xsp3.exec:\169xsp3.exe109⤵PID:4580
-
\??\c:\px124h.exec:\px124h.exe110⤵PID:2700
-
\??\c:\76wcn2.exec:\76wcn2.exe111⤵PID:1716
-
\??\c:\93dsks6.exec:\93dsks6.exe112⤵PID:1736
-
\??\c:\v95c34.exec:\v95c34.exe113⤵PID:2020
-
\??\c:\rskh92.exec:\rskh92.exe114⤵PID:4988
-
\??\c:\00wn9r7.exec:\00wn9r7.exe115⤵PID:3312
-
\??\c:\84dlgqt.exec:\84dlgqt.exe116⤵PID:1596
-
\??\c:\j41jo9.exec:\j41jo9.exe117⤵PID:2928
-
\??\c:\c3wg4q.exec:\c3wg4q.exe118⤵PID:1420
-
\??\c:\vq9u5m3.exec:\vq9u5m3.exe119⤵PID:1436
-
\??\c:\t4kf7.exec:\t4kf7.exe120⤵PID:2592
-
\??\c:\674j30j.exec:\674j30j.exe121⤵PID:4160
-
\??\c:\dkcjeh.exec:\dkcjeh.exe122⤵PID:3320
-