Analysis
-
max time kernel
150s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
21-06-2024 02:17
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2e90c5a072fb9b59942ec701717a1530a9b346e4287bc86e6c198ea532597889_NeikiAnalytics.exe
Resource
win7-20240611-en
5 signatures
150 seconds
General
-
Target
2e90c5a072fb9b59942ec701717a1530a9b346e4287bc86e6c198ea532597889_NeikiAnalytics.exe
-
Size
392KB
-
MD5
64afec1a23b65514a7675f17376ab980
-
SHA1
5804594f36fc5cd5fbd5d7c5a2688ebd2d3850ad
-
SHA256
2e90c5a072fb9b59942ec701717a1530a9b346e4287bc86e6c198ea532597889
-
SHA512
6d7827ac508c010c1dfe54cb9f8f8219013c5b8badd3da15a625153edc64cc84fc05d6c3e2674f33e2cc3b45ffc5d5331cf4da7cb129cbb8edcfba6ad2d8284b
-
SSDEEP
6144:n3C9BRo7tvnJ9oH0IRgZvjkobjcSbcY+CaQdaFOY4iGFYtRdu/n:n3C9ytvngQjZbz+xt4vFBP
Malware Config
Signatures
-
Detect Blackmoon payload 21 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2e90c5a072fb9b59942ec701717a1530a9b346e4287bc86e6c198ea532597889_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\2e90c5a072fb9b59942ec701717a1530a9b346e4287bc86e6c198ea532597889_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1444 -
\??\c:\llxxv.exec:\llxxv.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2988 -
\??\c:\pnrnv.exec:\pnrnv.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2284 -
\??\c:\bhtrlb.exec:\bhtrlb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3024 -
\??\c:\fbjnl.exec:\fbjnl.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2716 -
\??\c:\bxjtjj.exec:\bxjtjj.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2728 -
\??\c:\hjrjr.exec:\hjrjr.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2620 -
\??\c:\nvdlnt.exec:\nvdlnt.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2584 -
\??\c:\bdnrjrb.exec:\bdnrjrb.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2480 -
\??\c:\hfpln.exec:\hfpln.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2336 -
\??\c:\jdlvdf.exec:\jdlvdf.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1180 -
\??\c:\htltfr.exec:\htltfr.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1320 -
\??\c:\fvhbbn.exec:\fvhbbn.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1352 -
\??\c:\rrdfx.exec:\rrdfx.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1188 -
\??\c:\pdpfdp.exec:\pdpfdp.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\vpjdr.exec:\vpjdr.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2348 -
\??\c:\jtxxdt.exec:\jtxxdt.exe17⤵
- Executes dropped EXE
PID:1952 -
\??\c:\tnnjfnx.exec:\tnnjfnx.exe18⤵
- Executes dropped EXE
PID:1164 -
\??\c:\pxdlnv.exec:\pxdlnv.exe19⤵
- Executes dropped EXE
PID:2768 -
\??\c:\xfrfvfj.exec:\xfrfvfj.exe20⤵
- Executes dropped EXE
PID:3000 -
\??\c:\fnpnv.exec:\fnpnv.exe21⤵
- Executes dropped EXE
PID:1628 -
\??\c:\hhlxjv.exec:\hhlxjv.exe22⤵
- Executes dropped EXE
PID:2908 -
\??\c:\tbdbx.exec:\tbdbx.exe23⤵
- Executes dropped EXE
PID:1044 -
\??\c:\vdxdlj.exec:\vdxdlj.exe24⤵
- Executes dropped EXE
PID:2940 -
\??\c:\flvvr.exec:\flvvr.exe25⤵
- Executes dropped EXE
PID:1196 -
\??\c:\fjtbrx.exec:\fjtbrx.exe26⤵
- Executes dropped EXE
PID:324 -
\??\c:\trlvb.exec:\trlvb.exe27⤵
- Executes dropped EXE
PID:1276 -
\??\c:\frfxf.exec:\frfxf.exe28⤵
- Executes dropped EXE
PID:1488 -
\??\c:\dhxhxt.exec:\dhxhxt.exe29⤵
- Executes dropped EXE
PID:620 -
\??\c:\bnfvnhn.exec:\bnfvnhn.exe30⤵
- Executes dropped EXE
PID:1856 -
\??\c:\ltthrt.exec:\ltthrt.exe31⤵
- Executes dropped EXE
PID:936 -
\??\c:\bdxfrj.exec:\bdxfrj.exe32⤵
- Executes dropped EXE
PID:2128 -
\??\c:\lxjdv.exec:\lxjdv.exe33⤵
- Executes dropped EXE
PID:3036 -
\??\c:\nrrldfj.exec:\nrrldfj.exe34⤵
- Executes dropped EXE
PID:1604 -
\??\c:\xjjpx.exec:\xjjpx.exe35⤵
- Executes dropped EXE
PID:1444 -
\??\c:\pxlrfl.exec:\pxlrfl.exe36⤵
- Executes dropped EXE
PID:1584 -
\??\c:\lvrhl.exec:\lvrhl.exe37⤵
- Executes dropped EXE
PID:2988 -
\??\c:\hjlph.exec:\hjlph.exe38⤵
- Executes dropped EXE
PID:2588 -
\??\c:\vbjvvtj.exec:\vbjvvtj.exe39⤵
- Executes dropped EXE
PID:2964 -
\??\c:\ltlbf.exec:\ltlbf.exe40⤵
- Executes dropped EXE
PID:2824 -
\??\c:\nrvptf.exec:\nrvptf.exe41⤵
- Executes dropped EXE
PID:2580 -
\??\c:\jlhbthj.exec:\jlhbthj.exe42⤵
- Executes dropped EXE
PID:2536 -
\??\c:\lfvbhpl.exec:\lfvbhpl.exe43⤵
- Executes dropped EXE
PID:2980 -
\??\c:\rvxdt.exec:\rvxdt.exe44⤵
- Executes dropped EXE
PID:2680 -
\??\c:\nxpbtpd.exec:\nxpbtpd.exe45⤵
- Executes dropped EXE
PID:2524 -
\??\c:\dvvdx.exec:\dvvdx.exe46⤵
- Executes dropped EXE
PID:2492 -
\??\c:\ntxpllb.exec:\ntxpllb.exe47⤵
- Executes dropped EXE
PID:2448 -
\??\c:\xpthpbp.exec:\xpthpbp.exe48⤵
- Executes dropped EXE
PID:2460 -
\??\c:\lfjflxd.exec:\lfjflxd.exe49⤵
- Executes dropped EXE
PID:1324 -
\??\c:\llplnxh.exec:\llplnxh.exe50⤵
- Executes dropped EXE
PID:2564 -
\??\c:\lxtrtf.exec:\lxtrtf.exe51⤵
- Executes dropped EXE
PID:2004 -
\??\c:\prbtbh.exec:\prbtbh.exe52⤵
- Executes dropped EXE
PID:1296 -
\??\c:\rxtlf.exec:\rxtlf.exe53⤵
- Executes dropped EXE
PID:856 -
\??\c:\pxlvt.exec:\pxlvt.exe54⤵
- Executes dropped EXE
PID:1684 -
\??\c:\tlldfpt.exec:\tlldfpt.exe55⤵
- Executes dropped EXE
PID:2188 -
\??\c:\nhdrdxn.exec:\nhdrdxn.exe56⤵
- Executes dropped EXE
PID:2200 -
\??\c:\vbrtvn.exec:\vbrtvn.exe57⤵
- Executes dropped EXE
PID:2760 -
\??\c:\bntrhbt.exec:\bntrhbt.exe58⤵
- Executes dropped EXE
PID:2388 -
\??\c:\flrjjvr.exec:\flrjjvr.exe59⤵
- Executes dropped EXE
PID:2340 -
\??\c:\ttvttl.exec:\ttvttl.exe60⤵
- Executes dropped EXE
PID:2244 -
\??\c:\vjvvlf.exec:\vjvvlf.exe61⤵
- Executes dropped EXE
PID:2832 -
\??\c:\rvbbbx.exec:\rvbbbx.exe62⤵
- Executes dropped EXE
PID:1080 -
\??\c:\pjhlxrv.exec:\pjhlxrv.exe63⤵
- Executes dropped EXE
PID:1248 -
\??\c:\brjfrb.exec:\brjfrb.exe64⤵
- Executes dropped EXE
PID:1040 -
\??\c:\bddnbdn.exec:\bddnbdn.exe65⤵
- Executes dropped EXE
PID:1996 -
\??\c:\xpjhd.exec:\xpjhd.exe66⤵PID:1768
-
\??\c:\plbjt.exec:\plbjt.exe67⤵PID:324
-
\??\c:\fllldhl.exec:\fllldhl.exe68⤵PID:1276
-
\??\c:\lddlxhh.exec:\lddlxhh.exe69⤵PID:896
-
\??\c:\lrxpvl.exec:\lrxpvl.exe70⤵PID:3064
-
\??\c:\pbhbdl.exec:\pbhbdl.exe71⤵PID:1544
-
\??\c:\xbvvndj.exec:\xbvvndj.exe72⤵PID:2772
-
\??\c:\djhvpf.exec:\djhvpf.exe73⤵PID:1908
-
\??\c:\vflljxx.exec:\vflljxx.exe74⤵PID:2304
-
\??\c:\vrvrfjv.exec:\vrvrfjv.exe75⤵PID:2300
-
\??\c:\rhbhp.exec:\rhbhp.exe76⤵PID:3004
-
\??\c:\vnvvjpr.exec:\vnvvjpr.exe77⤵PID:2208
-
\??\c:\ldvrn.exec:\ldvrn.exe78⤵PID:1372
-
\??\c:\jpfrhv.exec:\jpfrhv.exe79⤵PID:1932
-
\??\c:\ndtxdf.exec:\ndtxdf.exe80⤵PID:2884
-
\??\c:\xjhjt.exec:\xjhjt.exe81⤵PID:2596
-
\??\c:\xpvnx.exec:\xpvnx.exe82⤵PID:2984
-
\??\c:\ptbbn.exec:\ptbbn.exe83⤵PID:2976
-
\??\c:\pppnd.exec:\pppnd.exe84⤵PID:3056
-
\??\c:\rxptfx.exec:\rxptfx.exe85⤵PID:920
-
\??\c:\frnpppr.exec:\frnpppr.exe86⤵PID:2508
-
\??\c:\xrxfljh.exec:\xrxfljh.exe87⤵PID:2960
-
\??\c:\xjpjrt.exec:\xjpjrt.exe88⤵PID:2396
-
\??\c:\lfjxnt.exec:\lfjxnt.exe89⤵PID:2896
-
\??\c:\trdppfv.exec:\trdppfv.exe90⤵PID:264
-
\??\c:\pvvdn.exec:\pvvdn.exe91⤵PID:2492
-
\??\c:\nlfplj.exec:\nlfplj.exe92⤵PID:2892
-
\??\c:\fxtjpt.exec:\fxtjpt.exe93⤵PID:2460
-
\??\c:\dlbdrn.exec:\dlbdrn.exe94⤵PID:1324
-
\??\c:\pxbtjrf.exec:\pxbtjrf.exe95⤵PID:1800
-
\??\c:\tflrh.exec:\tflrh.exe96⤵PID:2132
-
\??\c:\hfjjnbb.exec:\hfjjnbb.exe97⤵PID:1720
-
\??\c:\fjrdl.exec:\fjrdl.exe98⤵PID:1868
-
\??\c:\dtxnvh.exec:\dtxnvh.exe99⤵PID:1160
-
\??\c:\jdfjbpt.exec:\jdfjbpt.exe100⤵PID:924
-
\??\c:\rlpjf.exec:\rlpjf.exe101⤵PID:2024
-
\??\c:\frbltr.exec:\frbltr.exe102⤵PID:2228
-
\??\c:\tfplfpt.exec:\tfplfpt.exe103⤵PID:2544
-
\??\c:\hlrnbj.exec:\hlrnbj.exe104⤵PID:2740
-
\??\c:\tbtnr.exec:\tbtnr.exe105⤵PID:2324
-
\??\c:\dtprd.exec:\dtprd.exe106⤵PID:2908
-
\??\c:\bxlrrrd.exec:\bxlrrrd.exe107⤵PID:1988
-
\??\c:\rhfvb.exec:\rhfvb.exe108⤵PID:660
-
\??\c:\plxphr.exec:\plxphr.exe109⤵PID:1040
-
\??\c:\thnpbt.exec:\thnpbt.exe110⤵PID:1996
-
\??\c:\drlpvj.exec:\drlpvj.exe111⤵PID:2000
-
\??\c:\pxxnrh.exec:\pxxnrh.exe112⤵PID:2844
-
\??\c:\fnnrtf.exec:\fnnrtf.exe113⤵PID:1276
-
\??\c:\tfdnnt.exec:\tfdnnt.exe114⤵PID:592
-
\??\c:\rtrdljf.exec:\rtrdljf.exe115⤵PID:3064
-
\??\c:\jthpvh.exec:\jthpvh.exe116⤵PID:1544
-
\??\c:\tldbnr.exec:\tldbnr.exe117⤵PID:2772
-
\??\c:\nbtpr.exec:\nbtpr.exe118⤵PID:1908
-
\??\c:\vjlvt.exec:\vjlvt.exe119⤵PID:2316
-
\??\c:\lphfxl.exec:\lphfxl.exe120⤵PID:3008
-
\??\c:\lnfhxjt.exec:\lnfhxjt.exe121⤵PID:2272
-
\??\c:\hxbrbxb.exec:\hxbrbxb.exe122⤵PID:2948
-