Analysis
-
max time kernel
150s -
max time network
118s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system -
submitted
21-06-2024 04:37
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe
Resource
win7-20240221-en
5 signatures
150 seconds
General
-
Target
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe
-
Size
305KB
-
MD5
ab345bd0535688fcf0c8eba9ec82a870
-
SHA1
4feab4c4ef291dc4b0ec71b3bfcd6c6cc3ceee55
-
SHA256
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683
-
SHA512
828ae40f7449f276bf763f2fd6b5afb3f55e4f4ea51b9d36541e5b9db6d2cfe98f2d543cd2047c841829729bed68aa3341a8439dac8ce1455b33f527ffbbedf5
-
SSDEEP
3072:PhOm2sI93UufdC67cihfmCiiiXAQ5lpBoG74Abtud+3SomfOTr002:Pcm7ImGddXtWrXF5lpKGsAbA+3pB0v
Malware Config
Signatures
-
Detect Blackmoon payload 46 IoCs
Processes:
resource yara_rule behavioral1/memory/2168-1-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3036-20-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2004-16-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2680-29-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2636-43-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2384-70-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2460-78-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1468-91-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1792-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2776-108-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1568-129-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1716-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1600-144-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1396-163-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/268-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1448-180-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1460-205-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/428-215-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1408-252-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2180-296-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2468-301-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon 
behavioral1/memory/2256-302-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2468-300-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/2828-342-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2464-355-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2460-362-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1564-376-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2612-377-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2692-391-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1676-419-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1708-425-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1708-433-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1736-454-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/3008-500-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1464-513-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1392-744-0x0000000000430000-0x0000000000459000-memory.dmp family_blackmoon behavioral1/memory/1952-788-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/1700-796-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/1700-795-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/2968-803-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2032-841-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon behavioral1/memory/2548-898-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon 
behavioral1/memory/2548-896-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/1560-924-0x0000000000220000-0x0000000000249000-memory.dmp family_blackmoon behavioral1/memory/336-957-0x00000000001B0000-0x00000000001D9000-memory.dmp family_blackmoon behavioral1/memory/1912-966-0x00000000003C0000-0x00000000003E9000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
3flrflx.exetnbbhh.exe4866846.exe3lffrxf.exefflfrlr.exe7ddpv.exehhtthn.exe0006080.exe2062000.exee20628.exe6422806.exexrllxxl.exe82462.exehthhnn.exennbbtt.exe3nhtnn.exehhtttt.exe8240624.exe648408.exefxffllx.exe4244628.exebbtnnb.exe1lffflx.exe008022.exek20066.exe6844666.exe264646.exerrllxfr.exe64280.exes0220.exe5thhhh.exedvppd.exelrxrlxx.exepdppd.exejdjpv.exefxrflrx.exe6024662.exerfflffx.exedjjvp.exeflfrrxr.exebtbbnn.exexrlrrxf.exe5jdvd.exe1nhntb.exea2042.exepjvdp.exeflxllff.exehbhnbn.exe88628.exe664606.exe9xrfffr.exe486802.exe066264.exe7nbbht.exe28422.exedvdvp.exe0800280.exe824066.exec046806.exeddvdv.exe5pdjp.exeddpvj.exe7bttnh.exeq20606.exepid process 2004 3flrflx.exe 3036 tnbbhh.exe 2680 4866846.exe 2636 3lffrxf.exe 2548 fflfrlr.exe 2320 7ddpv.exe 2384 hhtthn.exe 2460 0006080.exe 1792 2062000.exe 1468 e20628.exe 2624 6422806.exe 2776 xrllxxl.exe 1716 82462.exe 1568 hthhnn.exe 1600 nnbbtt.exe 2732 3nhtnn.exe 268 hhtttt.exe 1396 8240624.exe 1448 648408.exe 2780 fxffllx.exe 2756 4244628.exe 1460 bbtnnb.exe 428 1lffflx.exe 3008 008022.exe 980 k20066.exe 2968 6844666.exe 348 264646.exe 1408 rrllxfr.exe 1368 64280.exe 560 s0220.exe 2972 5thhhh.exe 1916 dvppd.exe 2180 lrxrlxx.exe 2468 pdppd.exe 2540 jdjpv.exe 2116 fxrflrx.exe 2536 6024662.exe 2512 rfflffx.exe 2828 djjvp.exe 2432 flfrrxr.exe 2400 btbbnn.exe 2464 xrlrrxf.exe 2460 5jdvd.exe 1564 1nhntb.exe 2612 a2042.exe 2692 pjvdp.exe 2696 flxllff.exe 2444 hbhnbn.exe 2360 88628.exe 1964 664606.exe 1676 9xrfffr.exe 1708 486802.exe 540 066264.exe 1064 7nbbht.exe 1736 28422.exe 2316 dvdvp.exe 1448 0800280.exe 2744 824066.exe 2832 c046806.exe 2252 ddvdv.exe 3020 5pdjp.exe 1608 ddpvj.exe 3008 7bttnh.exe 1464 q20606.exe -
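UPX-packed memory regions (the section title is missing from this capture; every row below matched the upx YARA rule)
Processes: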
resource yara_rule behavioral1/memory/2168-1-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2004-8-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3036-20-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2004-16-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2680-29-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2636-43-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2384-70-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2460-78-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1792-80-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1468-91-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1792-89-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2776-108-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1568-129-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1716-126-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1600-144-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1396-163-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/268-161-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1448-180-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1460-197-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1460-205-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2968-233-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1408-252-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2180-296-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2256-302-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2512-328-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2828-335-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2828-342-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2464-355-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2460-362-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1564-376-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2612-377-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2692-384-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2692-391-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2444-398-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1676-419-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1708-425-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1708-433-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1736-454-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2316-455-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/3008-500-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2068-514-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1464-513-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2968-521-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2668-580-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2392-600-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2412-620-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2556-627-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1928-655-0x0000000000400000-0x0000000000429000-memory.dmp upx 
behavioral1/memory/2624-675-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1392-744-0x0000000000430000-0x0000000000459000-memory.dmp upx behavioral1/memory/1900-751-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1952-788-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/1700-795-0x00000000001B0000-0x00000000001D9000-memory.dmp upx behavioral1/memory/2968-803-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2032-841-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2544-866-0x0000000000400000-0x0000000000429000-memory.dmp upx behavioral1/memory/2548-896-0x0000000000220000-0x0000000000249000-memory.dmp upx behavioral1/memory/2600-931-0x0000000000400000-0x0000000000429000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe3flrflx.exetnbbhh.exe4866846.exe3lffrxf.exefflfrlr.exe7ddpv.exehhtthn.exe0006080.exe2062000.exee20628.exe6422806.exexrllxxl.exe82462.exehthhnn.exennbbtt.exedescription pid process target process PID 2168 wrote to memory of 2004 2168 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe 3flrflx.exe PID 2168 wrote to memory of 2004 2168 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe 3flrflx.exe PID 2168 wrote to memory of 2004 2168 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe 3flrflx.exe PID 2168 wrote to memory of 2004 2168 3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe 3flrflx.exe PID 2004 wrote to memory of 3036 2004 3flrflx.exe tnbbhh.exe PID 2004 wrote to memory of 3036 2004 3flrflx.exe tnbbhh.exe PID 2004 wrote to memory of 3036 2004 3flrflx.exe tnbbhh.exe PID 2004 wrote to memory of 3036 2004 3flrflx.exe tnbbhh.exe PID 3036 wrote to memory of 2680 3036 tnbbhh.exe 4866846.exe PID 3036 wrote to memory of 2680 3036 tnbbhh.exe 4866846.exe PID 3036 wrote to memory of 2680 3036 tnbbhh.exe 4866846.exe PID 3036 wrote to memory of 2680 3036 tnbbhh.exe 4866846.exe PID 2680 wrote to memory of 2636 2680 4866846.exe 3lffrxf.exe PID 2680 wrote to memory of 2636 2680 4866846.exe 3lffrxf.exe PID 2680 wrote to memory of 2636 2680 4866846.exe 3lffrxf.exe PID 2680 wrote to memory of 2636 2680 4866846.exe 3lffrxf.exe PID 2636 wrote to memory of 2548 2636 3lffrxf.exe fflfrlr.exe PID 2636 wrote to memory of 2548 2636 3lffrxf.exe fflfrlr.exe PID 2636 wrote to memory of 2548 2636 3lffrxf.exe fflfrlr.exe PID 2636 wrote to memory of 2548 2636 3lffrxf.exe fflfrlr.exe PID 2548 wrote to memory of 2320 2548 fflfrlr.exe 7ddpv.exe PID 2548 wrote to memory of 2320 2548 fflfrlr.exe 7ddpv.exe PID 2548 wrote to memory of 2320 2548 fflfrlr.exe 7ddpv.exe PID 2548 wrote to 
memory of 2320 2548 fflfrlr.exe 7ddpv.exe PID 2320 wrote to memory of 2384 2320 7ddpv.exe hhtthn.exe PID 2320 wrote to memory of 2384 2320 7ddpv.exe hhtthn.exe PID 2320 wrote to memory of 2384 2320 7ddpv.exe hhtthn.exe PID 2320 wrote to memory of 2384 2320 7ddpv.exe hhtthn.exe PID 2384 wrote to memory of 2460 2384 hhtthn.exe 0006080.exe PID 2384 wrote to memory of 2460 2384 hhtthn.exe 0006080.exe PID 2384 wrote to memory of 2460 2384 hhtthn.exe 0006080.exe PID 2384 wrote to memory of 2460 2384 hhtthn.exe 0006080.exe PID 2460 wrote to memory of 1792 2460 0006080.exe 2062000.exe PID 2460 wrote to memory of 1792 2460 0006080.exe 2062000.exe PID 2460 wrote to memory of 1792 2460 0006080.exe 2062000.exe PID 2460 wrote to memory of 1792 2460 0006080.exe 2062000.exe PID 1792 wrote to memory of 1468 1792 2062000.exe e20628.exe PID 1792 wrote to memory of 1468 1792 2062000.exe e20628.exe PID 1792 wrote to memory of 1468 1792 2062000.exe e20628.exe PID 1792 wrote to memory of 1468 1792 2062000.exe e20628.exe PID 1468 wrote to memory of 2624 1468 e20628.exe 6422806.exe PID 1468 wrote to memory of 2624 1468 e20628.exe 6422806.exe PID 1468 wrote to memory of 2624 1468 e20628.exe 6422806.exe PID 1468 wrote to memory of 2624 1468 e20628.exe 6422806.exe PID 2624 wrote to memory of 2776 2624 6422806.exe xrllxxl.exe PID 2624 wrote to memory of 2776 2624 6422806.exe xrllxxl.exe PID 2624 wrote to memory of 2776 2624 6422806.exe xrllxxl.exe PID 2624 wrote to memory of 2776 2624 6422806.exe xrllxxl.exe PID 2776 wrote to memory of 1716 2776 xrllxxl.exe 82462.exe PID 2776 wrote to memory of 1716 2776 xrllxxl.exe 82462.exe PID 2776 wrote to memory of 1716 2776 xrllxxl.exe 82462.exe PID 2776 wrote to memory of 1716 2776 xrllxxl.exe 82462.exe PID 1716 wrote to memory of 1568 1716 82462.exe hthhnn.exe PID 1716 wrote to memory of 1568 1716 82462.exe hthhnn.exe PID 1716 wrote to memory of 1568 1716 82462.exe hthhnn.exe PID 1716 wrote to memory of 1568 1716 82462.exe hthhnn.exe PID 1568 wrote to 
memory of 1600 1568 hthhnn.exe nnbbtt.exe PID 1568 wrote to memory of 1600 1568 hthhnn.exe nnbbtt.exe PID 1568 wrote to memory of 1600 1568 hthhnn.exe nnbbtt.exe PID 1568 wrote to memory of 1600 1568 hthhnn.exe nnbbtt.exe PID 1600 wrote to memory of 2732 1600 nnbbtt.exe 3nhtnn.exe PID 1600 wrote to memory of 2732 1600 nnbbtt.exe 3nhtnn.exe PID 1600 wrote to memory of 2732 1600 nnbbtt.exe 3nhtnn.exe PID 1600 wrote to memory of 2732 1600 nnbbtt.exe 3nhtnn.exe
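Processes (each entry shows the image path, the command line and what appears to be the process-tree depth, followed by the signatures that fired and the PID; several PIDs, e.g. 2460, 1448, 3008 and 2968, recur for different executables, so correlate on image name plus depth rather than on PID alone)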
-
C:\Users\Admin\AppData\Local\Temp\3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\3d7932a46d89a1da26d6870424c63b33ada8d97d9c45915e04dc286649992683_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2168 -
\??\c:\3flrflx.exec:\3flrflx.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2004 -
\??\c:\tnbbhh.exec:\tnbbhh.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3036 -
\??\c:\4866846.exec:\4866846.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2680 -
\??\c:\3lffrxf.exec:\3lffrxf.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2636 -
\??\c:\fflfrlr.exec:\fflfrlr.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2548 -
\??\c:\7ddpv.exec:\7ddpv.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2320 -
\??\c:\hhtthn.exec:\hhtthn.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2384 -
\??\c:\0006080.exec:\0006080.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2460 -
\??\c:\2062000.exec:\2062000.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1792 -
\??\c:\e20628.exec:\e20628.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1468 -
\??\c:\6422806.exec:\6422806.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2624 -
\??\c:\xrllxxl.exec:\xrllxxl.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2776 -
\??\c:\82462.exec:\82462.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1716 -
\??\c:\hthhnn.exec:\hthhnn.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1568 -
\??\c:\nnbbtt.exec:\nnbbtt.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1600 -
\??\c:\3nhtnn.exec:\3nhtnn.exe17⤵
- Executes dropped EXE
PID:2732 -
\??\c:\hhtttt.exec:\hhtttt.exe18⤵
- Executes dropped EXE
PID:268 -
\??\c:\8240624.exec:\8240624.exe19⤵
- Executes dropped EXE
PID:1396 -
\??\c:\648408.exec:\648408.exe20⤵
- Executes dropped EXE
PID:1448 -
\??\c:\fxffllx.exec:\fxffllx.exe21⤵
- Executes dropped EXE
PID:2780 -
\??\c:\4244628.exec:\4244628.exe22⤵
- Executes dropped EXE
PID:2756 -
\??\c:\bbtnnb.exec:\bbtnnb.exe23⤵
- Executes dropped EXE
PID:1460 -
\??\c:\1lffflx.exec:\1lffflx.exe24⤵
- Executes dropped EXE
PID:428 -
\??\c:\008022.exec:\008022.exe25⤵
- Executes dropped EXE
PID:3008 -
\??\c:\k20066.exec:\k20066.exe26⤵
- Executes dropped EXE
PID:980 -
\??\c:\6844666.exec:\6844666.exe27⤵
- Executes dropped EXE
PID:2968 -
\??\c:\264646.exec:\264646.exe28⤵
- Executes dropped EXE
PID:348 -
\??\c:\rrllxfr.exec:\rrllxfr.exe29⤵
- Executes dropped EXE
PID:1408 -
\??\c:\64280.exec:\64280.exe30⤵
- Executes dropped EXE
PID:1368 -
\??\c:\s0220.exec:\s0220.exe31⤵
- Executes dropped EXE
PID:560 -
\??\c:\5thhhh.exec:\5thhhh.exe32⤵
- Executes dropped EXE
PID:2972 -
\??\c:\dvppd.exec:\dvppd.exe33⤵
- Executes dropped EXE
PID:1916 -
\??\c:\lrxrlxx.exec:\lrxrlxx.exe34⤵
- Executes dropped EXE
PID:2180 -
\??\c:\pdppd.exec:\pdppd.exe35⤵
- Executes dropped EXE
PID:2468 -
\??\c:\dvpvj.exec:\dvpvj.exe36⤵PID:2256
-
\??\c:\jdjpv.exec:\jdjpv.exe37⤵
- Executes dropped EXE
PID:2540 -
\??\c:\fxrflrx.exec:\fxrflrx.exe38⤵
- Executes dropped EXE
PID:2116 -
\??\c:\6024662.exec:\6024662.exe39⤵
- Executes dropped EXE
PID:2536 -
\??\c:\rfflffx.exec:\rfflffx.exe40⤵
- Executes dropped EXE
PID:2512 -
\??\c:\djjvp.exec:\djjvp.exe41⤵
- Executes dropped EXE
PID:2828 -
\??\c:\flfrrxr.exec:\flfrrxr.exe42⤵
- Executes dropped EXE
PID:2432 -
\??\c:\btbbnn.exec:\btbbnn.exe43⤵
- Executes dropped EXE
PID:2400 -
\??\c:\xrlrrxf.exec:\xrlrrxf.exe44⤵
- Executes dropped EXE
PID:2464 -
\??\c:\5jdvd.exec:\5jdvd.exe45⤵
- Executes dropped EXE
PID:2460 -
\??\c:\1nhntb.exec:\1nhntb.exe46⤵
- Executes dropped EXE
PID:1564 -
\??\c:\a2042.exec:\a2042.exe47⤵
- Executes dropped EXE
PID:2612 -
\??\c:\pjvdp.exec:\pjvdp.exe48⤵
- Executes dropped EXE
PID:2692 -
\??\c:\flxllff.exec:\flxllff.exe49⤵
- Executes dropped EXE
PID:2696 -
\??\c:\hbhnbn.exec:\hbhnbn.exe50⤵
- Executes dropped EXE
PID:2444 -
\??\c:\88628.exec:\88628.exe51⤵
- Executes dropped EXE
PID:2360 -
\??\c:\664606.exec:\664606.exe52⤵
- Executes dropped EXE
PID:1964 -
\??\c:\9xrfffr.exec:\9xrfffr.exe53⤵
- Executes dropped EXE
PID:1676 -
\??\c:\486802.exec:\486802.exe54⤵
- Executes dropped EXE
PID:1708 -
\??\c:\066264.exec:\066264.exe55⤵
- Executes dropped EXE
PID:540 -
\??\c:\7nbbht.exec:\7nbbht.exe56⤵
- Executes dropped EXE
PID:1064 -
\??\c:\28422.exec:\28422.exe57⤵
- Executes dropped EXE
PID:1736 -
\??\c:\dvdvp.exec:\dvdvp.exe58⤵
- Executes dropped EXE
PID:2316 -
\??\c:\0800280.exec:\0800280.exe59⤵
- Executes dropped EXE
PID:1448 -
\??\c:\824066.exec:\824066.exe60⤵
- Executes dropped EXE
PID:2744 -
\??\c:\c046806.exec:\c046806.exe61⤵
- Executes dropped EXE
PID:2832 -
\??\c:\ddvdv.exec:\ddvdv.exe62⤵
- Executes dropped EXE
PID:2252 -
\??\c:\5pdjp.exec:\5pdjp.exe63⤵
- Executes dropped EXE
PID:3020 -
\??\c:\ddpvj.exec:\ddpvj.exe64⤵
- Executes dropped EXE
PID:1608 -
\??\c:\7bttnh.exec:\7bttnh.exe65⤵
- Executes dropped EXE
PID:3008 -
\??\c:\q20606.exec:\q20606.exe66⤵
- Executes dropped EXE
PID:1464 -
\??\c:\5rlfllr.exec:\5rlfllr.exe67⤵PID:2068
-
\??\c:\pjjpd.exec:\pjjpd.exe68⤵PID:2968
-
\??\c:\hhbnhn.exec:\hhbnhn.exe69⤵PID:904
-
\??\c:\0866668.exec:\0866668.exe70⤵PID:1688
-
\??\c:\420460.exec:\420460.exe71⤵PID:1956
-
\??\c:\o248880.exec:\o248880.exe72⤵PID:2916
-
\??\c:\60802.exec:\60802.exe73⤵PID:1436
-
\??\c:\042422.exec:\042422.exe74⤵PID:984
-
\??\c:\7nhbbh.exec:\7nhbbh.exe75⤵PID:2188
-
\??\c:\e42682.exec:\e42682.exe76⤵PID:2572
-
\??\c:\lfllrrf.exec:\lfllrrf.exe77⤵PID:2668
-
\??\c:\6684668.exec:\6684668.exe78⤵PID:1516
-
\??\c:\o688006.exec:\o688006.exe79⤵PID:2540
-
\??\c:\ddjpj.exec:\ddjpj.exe80⤵PID:2392
-
\??\c:\268066.exec:\268066.exe81⤵PID:2504
-
\??\c:\0440620.exec:\0440620.exe82⤵PID:2632
-
\??\c:\w02244.exec:\w02244.exe83⤵PID:2412
-
\??\c:\vdjvp.exec:\vdjvp.exe84⤵PID:2556
-
\??\c:\jdvdv.exec:\jdvdv.exe85⤵PID:2388
-
\??\c:\086022.exec:\086022.exe86⤵PID:2956
-
\??\c:\4246228.exec:\4246228.exe87⤵PID:2596
-
\??\c:\822424.exec:\822424.exe88⤵PID:1928
-
\??\c:\4406848.exec:\4406848.exe89⤵PID:2612
-
\??\c:\26062.exec:\26062.exe90⤵PID:2196
-
\??\c:\xxxfrfl.exec:\xxxfrfl.exe91⤵PID:2624
-
\??\c:\666200.exec:\666200.exe92⤵PID:1888
-
\??\c:\6080668.exec:\6080668.exe93⤵PID:1612
-
\??\c:\bthnbb.exec:\bthnbb.exe94⤵PID:1892
-
\??\c:\llxxrff.exec:\llxxrff.exe95⤵PID:2200
-
\??\c:\c266880.exec:\c266880.exe96⤵PID:1556
-
\??\c:\jdddp.exec:\jdddp.exe97⤵PID:2732
-
\??\c:\864466.exec:\864466.exe98⤵PID:956
-
\??\c:\3vdjp.exec:\3vdjp.exe99⤵PID:1396
-
\??\c:\pdppd.exec:\pdppd.exe100⤵PID:836
-
\??\c:\c486446.exec:\c486446.exe101⤵PID:1392
-
\??\c:\424628.exec:\424628.exe102⤵PID:1448
-
\??\c:\g4006.exec:\g4006.exe103⤵PID:1900
-
\??\c:\3pdpp.exec:\3pdpp.exe104⤵PID:812
-
\??\c:\llffllx.exec:\llffllx.exe105⤵PID:2252
-
\??\c:\i622824.exec:\i622824.exe106⤵PID:3020
-
\??\c:\0424224.exec:\0424224.exe107⤵PID:1608
-
\??\c:\9fxxfrr.exec:\9fxxfrr.exe108⤵PID:1952
-
\??\c:\86268.exec:\86268.exe109⤵PID:1700
-
\??\c:\862208.exec:\862208.exe110⤵PID:980
-
\??\c:\dpddp.exec:\dpddp.exe111⤵PID:2968
-
\??\c:\bbtnhh.exec:\bbtnhh.exe112⤵PID:2240
-
\??\c:\hhbhnh.exec:\hhbhnh.exe113⤵PID:2920
-
\??\c:\lfllxxl.exec:\lfllxxl.exe114⤵PID:2044
-
\??\c:\tththn.exec:\tththn.exe115⤵PID:1148
-
\??\c:\vvppv.exec:\vvppv.exe116⤵PID:2032
-
\??\c:\ddvdv.exec:\ddvdv.exe117⤵PID:984
-
\??\c:\9nhbbb.exec:\9nhbbb.exe118⤵PID:2188
-
\??\c:\hhhnnn.exec:\hhhnnn.exe119⤵PID:2528
-
\??\c:\jvjjp.exec:\jvjjp.exe120⤵PID:2660
-
\??\c:\48288.exec:\48288.exe121⤵PID:2544
-
\??\c:\hhthth.exec:\hhthth.exe122⤵PID:2664