Analysis
-
max time kernel
150s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
21-06-2024 06:53
Behavioral task
behavioral1
Sample
4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe
Resource
win7-20240611-en
5 signatures
150 seconds
General
-
Target
4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe
-
Size
227KB
-
MD5
e383ed08023312a2d0037ca9dd673f30
-
SHA1
743c1332fab467425ef9eb203295c68f347b3d6c
-
SHA256
4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e
-
SHA512
14c49644bc487c44f1227aa40fdb6b9171f65ebb08c527accfb8fa1f16b411cc3342f4402c4977d09a8650f017783690418dde254922aa15ad6db934e529fa5b
-
SSDEEP
6144:Jcm4FmowdHoS3dGmS4Z1hraHcpOaKHpaztyzl+Sj:T4wFHoS3dJS4ZzeFaKHpCcT
Malware Config
Signatures
-
Detect Blackmoon payload 37 IoCs
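Processes (memory dumps are named PID-index-range; PIDs are reused during this run, e.g. 2376 is listed below for both 7fxxffl.exe and ppvdj.exe, so attribute a dump by PID and index together, not by PID alone):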
resource yara_rule behavioral1/memory/1916-0-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2200-9-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2220-19-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2228-28-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2228-30-0x0000000000440000-0x0000000000475000-memory.dmp family_blackmoon behavioral1/memory/2984-38-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2640-56-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2700-54-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2500-72-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2592-80-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2628-89-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2508-99-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2948-109-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/340-112-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2144-147-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2376-144-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1904-187-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2000-214-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1352-250-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2196-258-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2872-267-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon 
behavioral1/memory/2364-270-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2040-286-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2676-325-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2620-349-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2616-363-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2300-364-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2580-371-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2372-415-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2376-434-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1556-454-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1764-497-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1520-522-0x0000000000250000-0x0000000000285000-memory.dmp family_blackmoon behavioral1/memory/1908-557-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/1692-606-0x0000000000400000-0x0000000000435000-memory.dmp family_blackmoon behavioral1/memory/2520-657-0x0000000000220000-0x0000000000255000-memory.dmp family_blackmoon behavioral1/memory/2288-766-0x0000000000250000-0x0000000000285000-memory.dmp family_blackmoon -
Executes dropped EXE 64 IoCs
Processes:
5djdj.exe3xlxxrx.exettbnhb.exedpppj.exefxlxlrl.exehntntt.exejdvvp.exeflfllll.exebttbtt.exe5vjpv.exe3rxxxxf.exehbnntt.exedvvdv.exe1frrxxf.exe7fxxffl.exedvpvd.exevpdjd.exerlfrxfr.exe3thttt.exepjvvj.exexrfrfxf.exehntthn.exeppddj.exefxrffrl.exerxflxrx.exe3ntbnb.exejvvpp.exebnbbhb.exevpvvd.exelfrxflx.exebbnhnh.exejpvvp.exepjpjv.exe5lxxflr.exe1tbttn.exenhnhhh.exevddpj.exefxlflfl.exelrfflfl.exebhnhtn.exedpdpv.exe3djjp.exe7lfxfxf.exebtnhtt.exe7hbhhb.exepdpvd.exefxlxrrx.exelfxxxxf.exe5ntnbh.exebbtnnb.exedvjjp.exefrffflx.exeffrfxrf.exethnnnn.exeppvdj.exe9jddj.exe3lrxxrx.exe7hthnh.exenbbbbh.exe9jpjj.exejvppj.exe1lfllxf.exehtbttb.exe9ntbhn.exepid process 2200 5djdj.exe 2220 3xlxxrx.exe 2228 ttbnhb.exe 2984 dpppj.exe 2700 fxlxlrl.exe 2640 hntntt.exe 2500 jdvvp.exe 2592 flfllll.exe 2628 bttbtt.exe 2508 5vjpv.exe 2948 3rxxxxf.exe 340 hbnntt.exe 2796 dvvdv.exe 2420 1frrxxf.exe 2376 7fxxffl.exe 2144 dvpvd.exe 912 vpdjd.exe 2412 rlfrxfr.exe 2800 3thttt.exe 1904 pjvvj.exe 2904 xrfrfxf.exe 2256 hntthn.exe 2000 ppddj.exe 2280 fxrffrl.exe 1464 rxflxrx.exe 1716 3ntbnb.exe 1352 jvvpp.exe 2196 bnbbhb.exe 2872 vpvvd.exe 2364 lfrxflx.exe 2040 bbnhnh.exe 2972 jpvvp.exe 2840 pjpjv.exe 2052 5lxxflr.exe 1688 1tbttn.exe 1692 nhnhhh.exe 2220 vddpj.exe 2676 fxlflfl.exe 1780 lrfflfl.exe 2984 bhnhtn.exe 2620 dpdpv.exe 2696 3djjp.exe 2616 7lfxfxf.exe 2300 btnhtt.exe 2580 7hbhhb.exe 2744 pdpvd.exe 2628 fxlxrrx.exe 2924 lfxxxxf.exe 2932 5ntnbh.exe 2552 bbtnnb.exe 2372 dvjjp.exe 620 frffflx.exe 804 ffrfxrf.exe 876 thnnnn.exe 2376 ppvdj.exe 2296 9jddj.exe 1556 3lrxxrx.exe 852 7hthnh.exe 1300 nbbbbh.exe 848 9jpjj.exe 2816 jvppj.exe 320 1lfllxf.exe 2904 htbttb.exe 1764 9ntbhn.exe -
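Processes (the signature title is missing from this capture; every entry below is a yara_rule match tagged upx):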
resource yara_rule behavioral1/memory/1916-0-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\5djdj.exe upx behavioral1/memory/2200-9-0x0000000000400000-0x0000000000435000-memory.dmp upx \??\c:\3xlxxrx.exe upx behavioral1/memory/2220-19-0x0000000000400000-0x0000000000435000-memory.dmp upx \??\c:\ttbnhb.exe upx behavioral1/memory/2228-28-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\dpppj.exe upx behavioral1/memory/2984-38-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2700-45-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\fxlxlrl.exe upx C:\hntntt.exe upx behavioral1/memory/2640-56-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2700-54-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\jdvvp.exe upx \??\c:\flfllll.exe upx behavioral1/memory/2500-72-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\bttbtt.exe upx behavioral1/memory/2592-80-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2508-90-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2628-89-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\5vjpv.exe upx C:\3rxxxxf.exe upx behavioral1/memory/2508-99-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2948-100-0x0000000000400000-0x0000000000435000-memory.dmp upx \??\c:\hbnntt.exe upx behavioral1/memory/2948-109-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/340-112-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\dvvdv.exe upx C:\1frrxxf.exe upx C:\7fxxffl.exe upx behavioral1/memory/2376-135-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\dvpvd.exe upx behavioral1/memory/2144-147-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2376-144-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\vpdjd.exe upx behavioral1/memory/912-154-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\rlfrxfr.exe upx C:\3thttt.exe upx 
behavioral1/memory/2800-171-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\pjvvj.exe upx C:\xrfrfxf.exe upx behavioral1/memory/1904-187-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\hntthn.exe upx C:\ppddj.exe upx behavioral1/memory/2000-205-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\fxrffrl.exe upx behavioral1/memory/2280-215-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2000-214-0x0000000000400000-0x0000000000435000-memory.dmp upx \??\c:\rxflxrx.exe upx C:\3ntbnb.exe upx behavioral1/memory/1716-233-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\jvvpp.exe upx \??\c:\bnbbhb.exe upx behavioral1/memory/1352-250-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2196-258-0x0000000000400000-0x0000000000435000-memory.dmp upx C:\vpvvd.exe upx behavioral1/memory/2872-267-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2364-270-0x0000000000400000-0x0000000000435000-memory.dmp upx \??\c:\lfrxflx.exe upx C:\bbnhnh.exe upx C:\jpvvp.exe upx behavioral1/memory/2040-286-0x0000000000400000-0x0000000000435000-memory.dmp upx behavioral1/memory/2676-325-0x0000000000400000-0x0000000000435000-memory.dmp upx -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe5djdj.exe3xlxxrx.exettbnhb.exedpppj.exefxlxlrl.exehntntt.exejdvvp.exeflfllll.exebttbtt.exe5vjpv.exe3rxxxxf.exehbnntt.exedvvdv.exe1frrxxf.exe7fxxffl.exedescription pid process target process PID 1916 wrote to memory of 2200 1916 4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe 5djdj.exe PID 1916 wrote to memory of 2200 1916 4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe 5djdj.exe PID 1916 wrote to memory of 2200 1916 4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe 5djdj.exe PID 1916 wrote to memory of 2200 1916 4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe 5djdj.exe PID 2200 wrote to memory of 2220 2200 5djdj.exe 3xlxxrx.exe PID 2200 wrote to memory of 2220 2200 5djdj.exe 3xlxxrx.exe PID 2200 wrote to memory of 2220 2200 5djdj.exe 3xlxxrx.exe PID 2200 wrote to memory of 2220 2200 5djdj.exe 3xlxxrx.exe PID 2220 wrote to memory of 2228 2220 3xlxxrx.exe ttbnhb.exe PID 2220 wrote to memory of 2228 2220 3xlxxrx.exe ttbnhb.exe PID 2220 wrote to memory of 2228 2220 3xlxxrx.exe ttbnhb.exe PID 2220 wrote to memory of 2228 2220 3xlxxrx.exe ttbnhb.exe PID 2228 wrote to memory of 2984 2228 ttbnhb.exe dpppj.exe PID 2228 wrote to memory of 2984 2228 ttbnhb.exe dpppj.exe PID 2228 wrote to memory of 2984 2228 ttbnhb.exe dpppj.exe PID 2228 wrote to memory of 2984 2228 ttbnhb.exe dpppj.exe PID 2984 wrote to memory of 2700 2984 dpppj.exe fxlxlrl.exe PID 2984 wrote to memory of 2700 2984 dpppj.exe fxlxlrl.exe PID 2984 wrote to memory of 2700 2984 dpppj.exe fxlxlrl.exe PID 2984 wrote to memory of 2700 2984 dpppj.exe fxlxlrl.exe PID 2700 wrote to memory of 2640 2700 fxlxlrl.exe hntntt.exe PID 2700 wrote to memory of 2640 2700 fxlxlrl.exe hntntt.exe PID 2700 wrote to memory of 2640 2700 fxlxlrl.exe hntntt.exe PID 2700 wrote to memory of 2640 2700 fxlxlrl.exe 
hntntt.exe PID 2640 wrote to memory of 2500 2640 hntntt.exe jdvvp.exe PID 2640 wrote to memory of 2500 2640 hntntt.exe jdvvp.exe PID 2640 wrote to memory of 2500 2640 hntntt.exe jdvvp.exe PID 2640 wrote to memory of 2500 2640 hntntt.exe jdvvp.exe PID 2500 wrote to memory of 2592 2500 jdvvp.exe flfllll.exe PID 2500 wrote to memory of 2592 2500 jdvvp.exe flfllll.exe PID 2500 wrote to memory of 2592 2500 jdvvp.exe flfllll.exe PID 2500 wrote to memory of 2592 2500 jdvvp.exe flfllll.exe PID 2592 wrote to memory of 2628 2592 flfllll.exe bttbtt.exe PID 2592 wrote to memory of 2628 2592 flfllll.exe bttbtt.exe PID 2592 wrote to memory of 2628 2592 flfllll.exe bttbtt.exe PID 2592 wrote to memory of 2628 2592 flfllll.exe bttbtt.exe PID 2628 wrote to memory of 2508 2628 bttbtt.exe 5vjpv.exe PID 2628 wrote to memory of 2508 2628 bttbtt.exe 5vjpv.exe PID 2628 wrote to memory of 2508 2628 bttbtt.exe 5vjpv.exe PID 2628 wrote to memory of 2508 2628 bttbtt.exe 5vjpv.exe PID 2508 wrote to memory of 2948 2508 5vjpv.exe 3rxxxxf.exe PID 2508 wrote to memory of 2948 2508 5vjpv.exe 3rxxxxf.exe PID 2508 wrote to memory of 2948 2508 5vjpv.exe 3rxxxxf.exe PID 2508 wrote to memory of 2948 2508 5vjpv.exe 3rxxxxf.exe PID 2948 wrote to memory of 340 2948 3rxxxxf.exe hbnntt.exe PID 2948 wrote to memory of 340 2948 3rxxxxf.exe hbnntt.exe PID 2948 wrote to memory of 340 2948 3rxxxxf.exe hbnntt.exe PID 2948 wrote to memory of 340 2948 3rxxxxf.exe hbnntt.exe PID 340 wrote to memory of 2796 340 hbnntt.exe dvvdv.exe PID 340 wrote to memory of 2796 340 hbnntt.exe dvvdv.exe PID 340 wrote to memory of 2796 340 hbnntt.exe dvvdv.exe PID 340 wrote to memory of 2796 340 hbnntt.exe dvvdv.exe PID 2796 wrote to memory of 2420 2796 dvvdv.exe 1frrxxf.exe PID 2796 wrote to memory of 2420 2796 dvvdv.exe 1frrxxf.exe PID 2796 wrote to memory of 2420 2796 dvvdv.exe 1frrxxf.exe PID 2796 wrote to memory of 2420 2796 dvvdv.exe 1frrxxf.exe PID 2420 wrote to memory of 2376 2420 1frrxxf.exe 7fxxffl.exe PID 2420 wrote to 
memory of 2376 2420 1frrxxf.exe 7fxxffl.exe PID 2420 wrote to memory of 2376 2420 1frrxxf.exe 7fxxffl.exe PID 2420 wrote to memory of 2376 2420 1frrxxf.exe 7fxxffl.exe PID 2376 wrote to memory of 2144 2376 7fxxffl.exe dvpvd.exe PID 2376 wrote to memory of 2144 2376 7fxxffl.exe dvpvd.exe PID 2376 wrote to memory of 2144 2376 7fxxffl.exe dvpvd.exe PID 2376 wrote to memory of 2144 2376 7fxxffl.exe dvpvd.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4b8d4ddb2418257fec9a45aa19dbe1894a60551810053b3aea342dd62504b92e_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:1916 -
\??\c:\5djdj.exec:\5djdj.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2200 -
\??\c:\3xlxxrx.exec:\3xlxxrx.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2220 -
\??\c:\ttbnhb.exec:\ttbnhb.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2228 -
\??\c:\dpppj.exec:\dpppj.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2984 -
\??\c:\fxlxlrl.exec:\fxlxlrl.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2700 -
\??\c:\hntntt.exec:\hntntt.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2640 -
\??\c:\jdvvp.exec:\jdvvp.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2500 -
\??\c:\flfllll.exec:\flfllll.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2592 -
\??\c:\bttbtt.exec:\bttbtt.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2628 -
\??\c:\5vjpv.exec:\5vjpv.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2508 -
\??\c:\3rxxxxf.exec:\3rxxxxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2948 -
\??\c:\hbnntt.exec:\hbnntt.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:340 -
\??\c:\dvvdv.exec:\dvvdv.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2796 -
\??\c:\1frrxxf.exec:\1frrxxf.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2420 -
\??\c:\7fxxffl.exec:\7fxxffl.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2376 -
\??\c:\dvpvd.exec:\dvpvd.exe17⤵
- Executes dropped EXE
PID:2144 -
\??\c:\vpdjd.exec:\vpdjd.exe18⤵
- Executes dropped EXE
PID:912 -
\??\c:\rlfrxfr.exec:\rlfrxfr.exe19⤵
- Executes dropped EXE
PID:2412 -
\??\c:\3thttt.exec:\3thttt.exe20⤵
- Executes dropped EXE
PID:2800 -
\??\c:\pjvvj.exec:\pjvvj.exe21⤵
- Executes dropped EXE
PID:1904 -
\??\c:\xrfrfxf.exec:\xrfrfxf.exe22⤵
- Executes dropped EXE
PID:2904 -
\??\c:\hntthn.exec:\hntthn.exe23⤵
- Executes dropped EXE
PID:2256 -
\??\c:\ppddj.exec:\ppddj.exe24⤵
- Executes dropped EXE
PID:2000 -
\??\c:\fxrffrl.exec:\fxrffrl.exe25⤵
- Executes dropped EXE
PID:2280 -
\??\c:\rxflxrx.exec:\rxflxrx.exe26⤵
- Executes dropped EXE
PID:1464 -
\??\c:\3ntbnb.exec:\3ntbnb.exe27⤵
- Executes dropped EXE
PID:1716 -
\??\c:\jvvpp.exec:\jvvpp.exe28⤵
- Executes dropped EXE
PID:1352 -
\??\c:\bnbbhb.exec:\bnbbhb.exe29⤵
- Executes dropped EXE
PID:2196 -
\??\c:\vpvvd.exec:\vpvvd.exe30⤵
- Executes dropped EXE
PID:2872 -
\??\c:\lfrxflx.exec:\lfrxflx.exe31⤵
- Executes dropped EXE
PID:2364 -
\??\c:\bbnhnh.exec:\bbnhnh.exe32⤵
- Executes dropped EXE
PID:2040 -
\??\c:\jpvvp.exec:\jpvvp.exe33⤵
- Executes dropped EXE
PID:2972 -
\??\c:\pjpjv.exec:\pjpjv.exe34⤵
- Executes dropped EXE
PID:2840 -
\??\c:\5lxxflr.exec:\5lxxflr.exe35⤵
- Executes dropped EXE
PID:2052 -
\??\c:\1tbttn.exec:\1tbttn.exe36⤵
- Executes dropped EXE
PID:1688 -
\??\c:\nhnhhh.exec:\nhnhhh.exe37⤵
- Executes dropped EXE
PID:1692 -
\??\c:\vddpj.exec:\vddpj.exe38⤵
- Executes dropped EXE
PID:2220 -
\??\c:\fxlflfl.exec:\fxlflfl.exe39⤵
- Executes dropped EXE
PID:2676 -
\??\c:\lrfflfl.exec:\lrfflfl.exe40⤵
- Executes dropped EXE
PID:1780 -
\??\c:\bhnhtn.exec:\bhnhtn.exe41⤵
- Executes dropped EXE
PID:2984 -
\??\c:\dpdpv.exec:\dpdpv.exe42⤵
- Executes dropped EXE
PID:2620 -
\??\c:\3djjp.exec:\3djjp.exe43⤵
- Executes dropped EXE
PID:2696 -
\??\c:\7lfxfxf.exec:\7lfxfxf.exe44⤵
- Executes dropped EXE
PID:2616 -
\??\c:\btnhtt.exec:\btnhtt.exe45⤵
- Executes dropped EXE
PID:2300 -
\??\c:\7hbhhb.exec:\7hbhhb.exe46⤵
- Executes dropped EXE
PID:2580 -
\??\c:\pdpvd.exec:\pdpvd.exe47⤵
- Executes dropped EXE
PID:2744 -
\??\c:\fxlxrrx.exec:\fxlxrrx.exe48⤵
- Executes dropped EXE
PID:2628 -
\??\c:\lfxxxxf.exec:\lfxxxxf.exe49⤵
- Executes dropped EXE
PID:2924 -
\??\c:\5ntnbh.exec:\5ntnbh.exe50⤵
- Executes dropped EXE
PID:2932 -
\??\c:\bbtnnb.exec:\bbtnnb.exe51⤵
- Executes dropped EXE
PID:2552 -
\??\c:\dvjjp.exec:\dvjjp.exe52⤵
- Executes dropped EXE
PID:2372 -
\??\c:\frffflx.exec:\frffflx.exe53⤵
- Executes dropped EXE
PID:620 -
\??\c:\ffrfxrf.exec:\ffrfxrf.exe54⤵
- Executes dropped EXE
PID:804 -
\??\c:\thnnnn.exec:\thnnnn.exe55⤵
- Executes dropped EXE
PID:876 -
\??\c:\ppvdj.exec:\ppvdj.exe56⤵
- Executes dropped EXE
PID:2376 -
\??\c:\9jddj.exec:\9jddj.exe57⤵
- Executes dropped EXE
PID:2296 -
\??\c:\3lrxxrx.exec:\3lrxxrx.exe58⤵
- Executes dropped EXE
PID:1556 -
\??\c:\7hthnh.exec:\7hthnh.exe59⤵
- Executes dropped EXE
PID:852 -
\??\c:\nbbbbh.exec:\nbbbbh.exe60⤵
- Executes dropped EXE
PID:1300 -
\??\c:\9jpjj.exec:\9jpjj.exe61⤵
- Executes dropped EXE
PID:848 -
\??\c:\jvppj.exec:\jvppj.exe62⤵
- Executes dropped EXE
PID:2816 -
\??\c:\1lfllxf.exec:\1lfllxf.exe63⤵
- Executes dropped EXE
PID:320 -
\??\c:\htbttb.exec:\htbttb.exe64⤵
- Executes dropped EXE
PID:2904 -
\??\c:\9ntbhn.exec:\9ntbhn.exe65⤵
- Executes dropped EXE
PID:1764 -
\??\c:\jvvpj.exec:\jvvpj.exe66⤵PID:1992
-
\??\c:\fxxxfff.exec:\fxxxfff.exe67⤵PID:2588
-
\??\c:\xfffxxf.exec:\xfffxxf.exe68⤵PID:2864
-
\??\c:\btnnbb.exec:\btnnbb.exe69⤵PID:1520
-
\??\c:\1thhtt.exec:\1thhtt.exe70⤵PID:1012
-
\??\c:\jdvvj.exec:\jdvvj.exe71⤵PID:1652
-
\??\c:\lxllrxf.exec:\lxllrxf.exe72⤵PID:1308
-
\??\c:\5ntbtt.exec:\5ntbtt.exe73⤵PID:2184
-
\??\c:\hbtnbh.exec:\hbtnbh.exe74⤵PID:1908
-
\??\c:\jpvdp.exec:\jpvdp.exe75⤵PID:1132
-
\??\c:\xrlrxfr.exec:\xrlrxfr.exe76⤵PID:2204
-
\??\c:\fxfxffr.exec:\fxfxffr.exe77⤵PID:1712
-
\??\c:\3thbnh.exec:\3thbnh.exe78⤵PID:2036
-
\??\c:\bthbbh.exec:\bthbbh.exe79⤵PID:2852
-
\??\c:\jdvdd.exec:\jdvdd.exe80⤵PID:2052
-
\??\c:\rfrrfxx.exec:\rfrrfxx.exe81⤵PID:2200
-
\??\c:\xrlrrrx.exec:\xrlrrrx.exe82⤵PID:1692
-
\??\c:\3bbbnh.exec:\3bbbnh.exe83⤵PID:2988
-
\??\c:\1nbhnn.exec:\1nbhnn.exe84⤵PID:2760
-
\??\c:\5vppp.exec:\5vppp.exe85⤵PID:2228
-
\??\c:\vjppd.exec:\vjppd.exe86⤵PID:2984
-
\??\c:\rfrrrrx.exec:\rfrrrrx.exe87⤵PID:2620
-
\??\c:\nbhbbh.exec:\nbhbbh.exe88⤵PID:2724
-
\??\c:\htbbnn.exec:\htbbnn.exe89⤵PID:2640
-
\??\c:\jvppp.exec:\jvppp.exe90⤵PID:2520
-
\??\c:\dvpvp.exec:\dvpvp.exe91⤵PID:2548
-
\??\c:\frlflfl.exec:\frlflfl.exe92⤵PID:2396
-
\??\c:\hbhnnn.exec:\hbhnnn.exe93⤵PID:2628
-
\??\c:\jvjdv.exec:\jvjdv.exe94⤵PID:1704
-
\??\c:\dvvdp.exec:\dvvdp.exe95⤵PID:2932
-
\??\c:\xllfflx.exec:\xllfflx.exe96⤵PID:2804
-
\??\c:\hbnthh.exec:\hbnthh.exe97⤵PID:2468
-
\??\c:\5nntnh.exec:\5nntnh.exe98⤵PID:620
-
\??\c:\1pdvp.exec:\1pdvp.exe99⤵PID:804
-
\??\c:\9jdjp.exec:\9jdjp.exe100⤵PID:876
-
\??\c:\xxxrrlx.exec:\xxxrrlx.exe101⤵PID:1980
-
\??\c:\bnnhhb.exec:\bnnhhb.exe102⤵PID:2296
-
\??\c:\nbnhnh.exec:\nbnhnh.exe103⤵PID:1292
-
\??\c:\9djdd.exec:\9djdd.exe104⤵PID:1304
-
\??\c:\pdjdd.exec:\pdjdd.exe105⤵PID:2532
-
\??\c:\flffxfr.exec:\flffxfr.exe106⤵PID:2800
-
\??\c:\htttbb.exec:\htttbb.exe107⤵PID:2288
-
\??\c:\hbtbhn.exec:\hbtbhn.exe108⤵PID:320
-
\??\c:\9vvdv.exec:\9vvdv.exe109⤵PID:788
-
\??\c:\pdvdv.exec:\pdvdv.exe110⤵PID:1764
-
\??\c:\rflrrll.exec:\rflrrll.exe111⤵PID:1992
-
\??\c:\nbhhhn.exec:\nbhhhn.exe112⤵PID:1092
-
\??\c:\3nbbhh.exec:\3nbbhh.exe113⤵PID:2472
-
\??\c:\1vjjj.exec:\1vjjj.exe114⤵PID:1756
-
\??\c:\ddjjp.exec:\ddjjp.exe115⤵PID:2252
-
\??\c:\5rflxxf.exec:\5rflxxf.exe116⤵PID:1352
-
\??\c:\nhbnnn.exec:\nhbnnn.exe117⤵PID:316
-
\??\c:\3tbbtb.exec:\3tbbtb.exe118⤵PID:1044
-
\??\c:\jdvpv.exec:\jdvpv.exe119⤵PID:2872
-
\??\c:\7pdvd.exec:\7pdvd.exe120⤵PID:2364
-
\??\c:\5rlxxxf.exec:\5rlxxxf.exe121⤵PID:2040
-
\??\c:\1tbbnb.exec:\1tbbnb.exe122⤵PID:2972
-