Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system -
submitted
21-06-2024 05:12
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
41316551ecde40de59fef32f6e68f5e48461ac39cc6c388abaae36b37cc44717_NeikiAnalytics.exe
Resource
win7-20240508-en
5 signatures
150 seconds
General
-
Target
41316551ecde40de59fef32f6e68f5e48461ac39cc6c388abaae36b37cc44717_NeikiAnalytics.exe
-
Size
93KB
-
MD5
0134cedcdf6e152b2a92acb6ba677320
-
SHA1
d2718ea7b1595b6ae673545dc663a10582d97a29
-
SHA256
41316551ecde40de59fef32f6e68f5e48461ac39cc6c388abaae36b37cc44717
-
SHA512
e78f301e8025df70999c53e7e078c8f3ee7433bab09c7f3b070aa8fb4a02a6f0186adc46751728d9ec26e32a41433ac15e0b95ddc8aa927ead9b990e4d617abb
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoLuePjDYlR3hnjKXIQSe9oEQ:ymb3NkkiQ3mdBjFoLucjDilOZhof
Malware Config
Signatures
-
Detect Blackmoon payload 23 IoCs
Executes dropped EXE 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes