Analysis
-
max time kernel
150s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system -
submitted
21-06-2024 06:59
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe
Resource
win7-20240611-en
5 signatures
150 seconds
General
-
Target
4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe
-
Size
83KB
-
MD5
34680cf08293ea8697505d8d7ceb3d80
-
SHA1
0a8665164ec7a3a38f20024adde1fe9b821cee26
-
SHA256
4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9
-
SHA512
1d689c518ec96cd61f2e267c5416cfb12d9d22c6d6e26c66107fdcece07dc5e36f529f09e11d30d56e0bca046b4d41d2f00bebd4a17f0940efda2f065bb96f92
-
SSDEEP
1536:9Q8hoOAesfYvcyjfS3H9yl8Q1pmdBcxedLxNDoAXPfgr2hKmdbcPi2vP:ymb3NkkiQ3mdBjFo6Pfgy3dbc/P
Malware Config
Signatures
-
Detect Blackmoon payload 26 IoCs
Processes:
resource yara_rule
behavioral1/memory/2960-3-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2960-10-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2576-25-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2968-20-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon
behavioral1/memory/2968-19-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2912-35-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/3028-44-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2516-69-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2516-76-0x0000000000401000-0x0000000000427000-memory.dmp family_blackmoon
behavioral1/memory/2868-63-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2540-89-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1500-116-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2816-126-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2848-134-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/388-152-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2768-161-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1484-170-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2164-188-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2908-197-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2160-206-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1836-216-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/772-224-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1628-242-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/1436-260-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/3044-278-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
behavioral1/memory/2392-305-0x0000000000400000-0x0000000000429000-memory.dmp family_blackmoon
-
Executes dropped EXE 64 IoCs
Processes:
lrprr.exe bnffbj.exe fpfnj.exe xtdtjv.exe xbbtp.exe dnrrrj.exe rnjnrjb.exe tjjjr.exe bdbbfn.exe bdbvx.exe djlrtxf.exe tvpbbv.exe fbjtrb.exe thnpnhv.exe lvvvx.exe hftbnn.exe vvjbj.exe bjxnhnn.exe vjxlx.exe plnvxf.exe jpbdv.exe pdrrrvf.exe nvxbbd.exe pnnhdpx.exe xlvjfhv.exe rpddrd.exe jjnrpb.exe dvxvth.exe dtbbtx.exe jxpjllh.exe jjrlrfr.exe jfhvd.exe lvllb.exe jtbxx.exe hprdblr.exe lnjjjnf.exe tnpftvr.exe hllhnvl.exe plnvrl.exe xvnpj.exe hvpplvh.exe lhnxffl.exe vxxfn.exe vxhfjb.exe plbprr.exe dlpdt.exe tdnprdf.exe lrnvl.exe tpthjrx.exe hxlrnpb.exe pflbj.exe tpllfbb.exe nbbrln.exe rxvhlfh.exe pdhdxj.exe dbxnjdf.exe vdrvnn.exe fjdhj.exe dnbrt.exe bfvhl.exe bjjbp.exe hprxxvh.exe xljhf.exe bbrrfr.exe
pid process
2968 lrprr.exe
2576 bnffbj.exe
2912 fpfnj.exe
3028 xtdtjv.exe
2868 xbbtp.exe
2516 dnrrrj.exe
2540 rnjnrjb.exe
788 tjjjr.exe
2380 bdbbfn.exe
1500 bdbvx.exe
2816 djlrtxf.exe
2848 tvpbbv.exe
1932 fbjtrb.exe
388 thnpnhv.exe
2768 lvvvx.exe
1484 hftbnn.exe
1272 vvjbj.exe
2164 bjxnhnn.exe
2908 vjxlx.exe
2160 plnvxf.exe
1836 jpbdv.exe
772 pdrrrvf.exe
1992 nvxbbd.exe
1628 pnnhdpx.exe
1340 xlvjfhv.exe
1436 rpddrd.exe
336 jjnrpb.exe
3044 dvxvth.exe
2292 dtbbtx.exe
2032 jxpjllh.exe
2392 jjrlrfr.exe
1984 jfhvd.exe
2964 lvllb.exe
2612 jtbxx.exe
1188 hprdblr.exe
1584 lnjjjnf.exe
2708 tnpftvr.exe
2672 hllhnvl.exe
2476 plnvrl.exe
1292 xvnpj.exe
2664 hvpplvh.exe
2500 lhnxffl.exe
2488 vxxfn.exe
2984 vxhfjb.exe
464 plbprr.exe
576 dlpdt.exe
1492 tdnprdf.exe
2796 lrnvl.exe
2800 tpthjrx.exe
2752 hxlrnpb.exe
2508 pflbj.exe
2232 tpllfbb.exe
2788 nbbrln.exe
2756 rxvhlfh.exe
1552 pdhdxj.exe
2004 dbxnjdf.exe
1772 vdrvnn.exe
2928 fjdhj.exe
2316 dnbrt.exe
1268 bfvhl.exe
2124 bjjbp.exe
2236 hprxxvh.exe
1752 xljhf.exe
1880 bbrrfr.exe
(These 64 entries correspond to process-tree depths 2–65; the tree under "Processes" continues to depth 122 without this tag, so the listing appears to be capped at 64. PIDs are specific to this sandbox run.)
-
Processes:
(The signature title for this section is missing from this capture; the entries below are memory dumps matching the YARA rule "upx".)
resource yara_rule
behavioral1/memory/2960-3-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2960-10-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2576-25-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2968-19-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2912-35-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3028-44-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2868-56-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2868-54-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2868-53-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2516-67-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2516-69-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2868-63-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2540-80-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2540-79-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/788-92-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2540-89-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1500-116-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2816-126-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2848-134-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/388-152-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2768-161-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1484-170-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2164-188-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2908-197-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2160-206-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1836-216-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/772-224-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1628-242-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/1436-260-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/3044-278-0x0000000000400000-0x0000000000429000-memory.dmp upx
behavioral1/memory/2392-305-0x0000000000400000-0x0000000000429000-memory.dmp upx
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe lrprr.exe bnffbj.exe fpfnj.exe xtdtjv.exe xbbtp.exe dnrrrj.exe rnjnrjb.exe tjjjr.exe bdbbfn.exe bdbvx.exe djlrtxf.exe tvpbbv.exe fbjtrb.exe thnpnhv.exe lvvvx.exe
description pid process target process
PID 2960 wrote to memory of 2968 2960 4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe lrprr.exe
PID 2960 wrote to memory of 2968 2960 4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe lrprr.exe
PID 2960 wrote to memory of 2968 2960 4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe lrprr.exe
PID 2960 wrote to memory of 2968 2960 4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe lrprr.exe
PID 2968 wrote to memory of 2576 2968 lrprr.exe bnffbj.exe
PID 2968 wrote to memory of 2576 2968 lrprr.exe bnffbj.exe
PID 2968 wrote to memory of 2576 2968 lrprr.exe bnffbj.exe
PID 2968 wrote to memory of 2576 2968 lrprr.exe bnffbj.exe
PID 2576 wrote to memory of 2912 2576 bnffbj.exe fpfnj.exe
PID 2576 wrote to memory of 2912 2576 bnffbj.exe fpfnj.exe
PID 2576 wrote to memory of 2912 2576 bnffbj.exe fpfnj.exe
PID 2576 wrote to memory of 2912 2576 bnffbj.exe fpfnj.exe
PID 2912 wrote to memory of 3028 2912 fpfnj.exe xtdtjv.exe
PID 2912 wrote to memory of 3028 2912 fpfnj.exe xtdtjv.exe
PID 2912 wrote to memory of 3028 2912 fpfnj.exe xtdtjv.exe
PID 2912 wrote to memory of 3028 2912 fpfnj.exe xtdtjv.exe
PID 3028 wrote to memory of 2868 3028 xtdtjv.exe xbbtp.exe
PID 3028 wrote to memory of 2868 3028 xtdtjv.exe xbbtp.exe
PID 3028 wrote to memory of 2868 3028 xtdtjv.exe xbbtp.exe
PID 3028 wrote to memory of 2868 3028 xtdtjv.exe xbbtp.exe
PID 2868 wrote to memory of 2516 2868 xbbtp.exe dnrrrj.exe
PID 2868 wrote to memory of 2516 2868 xbbtp.exe dnrrrj.exe
PID 2868 wrote to memory of 2516 2868 xbbtp.exe dnrrrj.exe
PID 2868 wrote to memory of 2516 2868 xbbtp.exe dnrrrj.exe
PID 2516 wrote to memory of 2540 2516 dnrrrj.exe rnjnrjb.exe
PID 2516 wrote to memory of 2540 2516 dnrrrj.exe rnjnrjb.exe
PID 2516 wrote to memory of 2540 2516 dnrrrj.exe rnjnrjb.exe
PID 2516 wrote to memory of 2540 2516 dnrrrj.exe rnjnrjb.exe
PID 2540 wrote to memory of 788 2540 rnjnrjb.exe tjjjr.exe
PID 2540 wrote to memory of 788 2540 rnjnrjb.exe tjjjr.exe
PID 2540 wrote to memory of 788 2540 rnjnrjb.exe tjjjr.exe
PID 2540 wrote to memory of 788 2540 rnjnrjb.exe tjjjr.exe
PID 788 wrote to memory of 2380 788 tjjjr.exe bdbbfn.exe
PID 788 wrote to memory of 2380 788 tjjjr.exe bdbbfn.exe
PID 788 wrote to memory of 2380 788 tjjjr.exe bdbbfn.exe
PID 788 wrote to memory of 2380 788 tjjjr.exe bdbbfn.exe
PID 2380 wrote to memory of 1500 2380 bdbbfn.exe bdbvx.exe
PID 2380 wrote to memory of 1500 2380 bdbbfn.exe bdbvx.exe
PID 2380 wrote to memory of 1500 2380 bdbbfn.exe bdbvx.exe
PID 2380 wrote to memory of 1500 2380 bdbbfn.exe bdbvx.exe
PID 1500 wrote to memory of 2816 1500 bdbvx.exe djlrtxf.exe
PID 1500 wrote to memory of 2816 1500 bdbvx.exe djlrtxf.exe
PID 1500 wrote to memory of 2816 1500 bdbvx.exe djlrtxf.exe
PID 1500 wrote to memory of 2816 1500 bdbvx.exe djlrtxf.exe
PID 2816 wrote to memory of 2848 2816 djlrtxf.exe tvpbbv.exe
PID 2816 wrote to memory of 2848 2816 djlrtxf.exe tvpbbv.exe
PID 2816 wrote to memory of 2848 2816 djlrtxf.exe tvpbbv.exe
PID 2816 wrote to memory of 2848 2816 djlrtxf.exe tvpbbv.exe
PID 2848 wrote to memory of 1932 2848 tvpbbv.exe fbjtrb.exe
PID 2848 wrote to memory of 1932 2848 tvpbbv.exe fbjtrb.exe
PID 2848 wrote to memory of 1932 2848 tvpbbv.exe fbjtrb.exe
PID 2848 wrote to memory of 1932 2848 tvpbbv.exe fbjtrb.exe
PID 1932 wrote to memory of 388 1932 fbjtrb.exe thnpnhv.exe
PID 1932 wrote to memory of 388 1932 fbjtrb.exe thnpnhv.exe
PID 1932 wrote to memory of 388 1932 fbjtrb.exe thnpnhv.exe
PID 1932 wrote to memory of 388 1932 fbjtrb.exe thnpnhv.exe
PID 388 wrote to memory of 2768 388 thnpnhv.exe lvvvx.exe
PID 388 wrote to memory of 2768 388 thnpnhv.exe lvvvx.exe
PID 388 wrote to memory of 2768 388 thnpnhv.exe lvvvx.exe
PID 388 wrote to memory of 2768 388 thnpnhv.exe lvvvx.exe
PID 2768 wrote to memory of 1484 2768 lvvvx.exe hftbnn.exe
PID 2768 wrote to memory of 1484 2768 lvvvx.exe hftbnn.exe
PID 2768 wrote to memory of 1484 2768 lvvvx.exe hftbnn.exe
PID 2768 wrote to memory of 1484 2768 lvvvx.exe hftbnn.exe
(The 64 rows are 16 source processes with four identical rows each; the listing appears to be capped at 64 and covers only the first 16 links of the process chain shown under "Processes".)
Processes
-
C:\Users\Admin\AppData\Local\Temp\4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\4c20d4407364090d3a90f9019c4d43ec8d38020ad476fd3e3e9aaf801f3a9dc9_NeikiAnalytics.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:2960 -
\??\c:\lrprr.exec:\lrprr.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2968 -
\??\c:\bnffbj.exec:\bnffbj.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2576 -
\??\c:\fpfnj.exec:\fpfnj.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2912 -
\??\c:\xtdtjv.exec:\xtdtjv.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3028 -
\??\c:\xbbtp.exec:\xbbtp.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2868 -
\??\c:\dnrrrj.exec:\dnrrrj.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2516 -
\??\c:\rnjnrjb.exec:\rnjnrjb.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2540 -
\??\c:\tjjjr.exec:\tjjjr.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:788 -
\??\c:\bdbbfn.exec:\bdbbfn.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2380 -
\??\c:\bdbvx.exec:\bdbvx.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1500 -
\??\c:\djlrtxf.exec:\djlrtxf.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2816 -
\??\c:\tvpbbv.exec:\tvpbbv.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2848 -
\??\c:\fbjtrb.exec:\fbjtrb.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1932 -
\??\c:\thnpnhv.exec:\thnpnhv.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:388 -
\??\c:\lvvvx.exec:\lvvvx.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2768 -
\??\c:\hftbnn.exec:\hftbnn.exe17⤵
- Executes dropped EXE
PID:1484 -
\??\c:\vvjbj.exec:\vvjbj.exe18⤵
- Executes dropped EXE
PID:1272 -
\??\c:\bjxnhnn.exec:\bjxnhnn.exe19⤵
- Executes dropped EXE
PID:2164 -
\??\c:\vjxlx.exec:\vjxlx.exe20⤵
- Executes dropped EXE
PID:2908 -
\??\c:\plnvxf.exec:\plnvxf.exe21⤵
- Executes dropped EXE
PID:2160 -
\??\c:\jpbdv.exec:\jpbdv.exe22⤵
- Executes dropped EXE
PID:1836 -
\??\c:\pdrrrvf.exec:\pdrrrvf.exe23⤵
- Executes dropped EXE
PID:772 -
\??\c:\nvxbbd.exec:\nvxbbd.exe24⤵
- Executes dropped EXE
PID:1992 -
\??\c:\pnnhdpx.exec:\pnnhdpx.exe25⤵
- Executes dropped EXE
PID:1628 -
\??\c:\xlvjfhv.exec:\xlvjfhv.exe26⤵
- Executes dropped EXE
PID:1340 -
\??\c:\rpddrd.exec:\rpddrd.exe27⤵
- Executes dropped EXE
PID:1436 -
\??\c:\jjnrpb.exec:\jjnrpb.exe28⤵
- Executes dropped EXE
PID:336 -
\??\c:\dvxvth.exec:\dvxvth.exe29⤵
- Executes dropped EXE
PID:3044 -
\??\c:\dtbbtx.exec:\dtbbtx.exe30⤵
- Executes dropped EXE
PID:2292 -
\??\c:\jxpjllh.exec:\jxpjllh.exe31⤵
- Executes dropped EXE
PID:2032 -
\??\c:\jjrlrfr.exec:\jjrlrfr.exe32⤵
- Executes dropped EXE
PID:2392 -
\??\c:\jfhvd.exec:\jfhvd.exe33⤵
- Executes dropped EXE
PID:1984 -
\??\c:\lvllb.exec:\lvllb.exe34⤵
- Executes dropped EXE
PID:2964 -
\??\c:\jtbxx.exec:\jtbxx.exe35⤵
- Executes dropped EXE
PID:2612 -
\??\c:\hprdblr.exec:\hprdblr.exe36⤵
- Executes dropped EXE
PID:1188 -
\??\c:\lnjjjnf.exec:\lnjjjnf.exe37⤵
- Executes dropped EXE
PID:1584 -
\??\c:\tnpftvr.exec:\tnpftvr.exe38⤵
- Executes dropped EXE
PID:2708 -
\??\c:\hllhnvl.exec:\hllhnvl.exe39⤵
- Executes dropped EXE
PID:2672 -
\??\c:\plnvrl.exec:\plnvrl.exe40⤵
- Executes dropped EXE
PID:2476 -
\??\c:\xvnpj.exec:\xvnpj.exe41⤵
- Executes dropped EXE
PID:1292 -
\??\c:\hvpplvh.exec:\hvpplvh.exe42⤵
- Executes dropped EXE
PID:2664 -
\??\c:\lhnxffl.exec:\lhnxffl.exe43⤵
- Executes dropped EXE
PID:2500 -
\??\c:\vxxfn.exec:\vxxfn.exe44⤵
- Executes dropped EXE
PID:2488 -
\??\c:\vxhfjb.exec:\vxhfjb.exe45⤵
- Executes dropped EXE
PID:2984 -
\??\c:\plbprr.exec:\plbprr.exe46⤵
- Executes dropped EXE
PID:464 -
\??\c:\dlpdt.exec:\dlpdt.exe47⤵
- Executes dropped EXE
PID:576 -
\??\c:\tdnprdf.exec:\tdnprdf.exe48⤵
- Executes dropped EXE
PID:1492 -
\??\c:\lrnvl.exec:\lrnvl.exe49⤵
- Executes dropped EXE
PID:2796 -
\??\c:\tpthjrx.exec:\tpthjrx.exe50⤵
- Executes dropped EXE
PID:2800 -
\??\c:\hxlrnpb.exec:\hxlrnpb.exe51⤵
- Executes dropped EXE
PID:2752 -
\??\c:\pflbj.exec:\pflbj.exe52⤵
- Executes dropped EXE
PID:2508 -
\??\c:\tpllfbb.exec:\tpllfbb.exe53⤵
- Executes dropped EXE
PID:2232 -
\??\c:\nbbrln.exec:\nbbrln.exe54⤵
- Executes dropped EXE
PID:2788 -
\??\c:\rxvhlfh.exec:\rxvhlfh.exe55⤵
- Executes dropped EXE
PID:2756 -
\??\c:\pdhdxj.exec:\pdhdxj.exe56⤵
- Executes dropped EXE
PID:1552 -
\??\c:\dbxnjdf.exec:\dbxnjdf.exe57⤵
- Executes dropped EXE
PID:2004 -
\??\c:\vdrvnn.exec:\vdrvnn.exe58⤵
- Executes dropped EXE
PID:1772 -
\??\c:\fjdhj.exec:\fjdhj.exe59⤵
- Executes dropped EXE
PID:2928 -
\??\c:\dnbrt.exec:\dnbrt.exe60⤵
- Executes dropped EXE
PID:2316 -
\??\c:\bfvhl.exec:\bfvhl.exe61⤵
- Executes dropped EXE
PID:1268 -
\??\c:\bjjbp.exec:\bjjbp.exe62⤵
- Executes dropped EXE
PID:2124 -
\??\c:\hprxxvh.exec:\hprxxvh.exe63⤵
- Executes dropped EXE
PID:2236 -
\??\c:\xljhf.exec:\xljhf.exe64⤵
- Executes dropped EXE
PID:1752 -
\??\c:\bbrrfr.exec:\bbrrfr.exe65⤵
- Executes dropped EXE
PID:1880 -
\??\c:\nxpblv.exec:\nxpblv.exe66⤵PID:960
-
\??\c:\nxxvdr.exec:\nxxvdr.exe67⤵PID:744
-
\??\c:\vpxvhp.exec:\vpxvhp.exe68⤵PID:2188
-
\??\c:\hjjdh.exec:\hjjdh.exe69⤵PID:1660
-
\??\c:\rvlbxbb.exec:\rvlbxbb.exe70⤵PID:884
-
\??\c:\tjlrdl.exec:\tjlrdl.exe71⤵PID:2216
-
\??\c:\ttnbf.exec:\ttnbf.exe72⤵PID:2892
-
\??\c:\trhjb.exec:\trhjb.exe73⤵PID:2220
-
\??\c:\rbxvr.exec:\rbxvr.exe74⤵PID:2196
-
\??\c:\fbxjrt.exec:\fbxjrt.exe75⤵PID:1520
-
\??\c:\hfdhr.exec:\hfdhr.exe76⤵PID:2656
-
\??\c:\jrfrxp.exec:\jrfrxp.exe77⤵PID:2404
-
\??\c:\vlxjb.exec:\vlxjb.exe78⤵PID:2560
-
\??\c:\jdrft.exec:\jdrft.exe79⤵PID:2608
-
\??\c:\vvrrd.exec:\vvrrd.exe80⤵PID:1692
-
\??\c:\rlptrh.exec:\rlptrh.exe81⤵PID:2600
-
\??\c:\rtbbjd.exec:\rtbbjd.exe82⤵PID:2652
-
\??\c:\fxjdh.exec:\fxjdh.exe83⤵PID:2660
-
\??\c:\llrtttp.exec:\llrtttp.exe84⤵PID:2640
-
\??\c:\jnxhhj.exec:\jnxhhj.exe85⤵PID:2468
-
\??\c:\rjfbl.exec:\rjfbl.exe86⤵PID:2972
-
\??\c:\hjjbprl.exec:\hjjbprl.exe87⤵PID:2736
-
\??\c:\lnvvflh.exec:\lnvvflh.exe88⤵PID:2540
-
\??\c:\hrlhnpv.exec:\hrlhnpv.exe89⤵PID:1236
-
\??\c:\fhlnj.exec:\fhlnj.exe90⤵PID:1960
-
\??\c:\bvpjdff.exec:\bvpjdff.exe91⤵PID:3008
-
\??\c:\jvvdp.exec:\jvvdp.exe92⤵PID:2828
-
\??\c:\pvrbtd.exec:\pvrbtd.exe93⤵PID:2820
-
\??\c:\ppfbj.exec:\ppfbj.exe94⤵PID:2848
-
\??\c:\vxrlvx.exec:\vxrlvx.exe95⤵PID:1788
-
\??\c:\dlfpd.exec:\dlfpd.exe96⤵PID:2384
-
\??\c:\pfflx.exec:\pfflx.exe97⤵PID:2320
-
\??\c:\lpbrfvf.exec:\lpbrfvf.exe98⤵PID:1512
-
\??\c:\ljnrrrb.exec:\ljnrrrb.exe99⤵PID:1428
-
\??\c:\blhpdv.exec:\blhpdv.exe100⤵PID:1744
-
\??\c:\ljfjtxp.exec:\ljfjtxp.exe101⤵PID:2648
-
\??\c:\fnvnl.exec:\fnvnl.exe102⤵PID:2924
-
\??\c:\hnjph.exec:\hnjph.exe103⤵PID:2428
-
\??\c:\ldbjr.exec:\ldbjr.exe104⤵PID:2264
-
\??\c:\dbtfrvh.exec:\dbtfrvh.exe105⤵PID:912
-
\??\c:\pdtbp.exec:\pdtbp.exe106⤵PID:3060
-
\??\c:\lfnlpt.exec:\lfnlpt.exe107⤵PID:772
-
\??\c:\xbxjpfv.exec:\xbxjpfv.exe108⤵PID:668
-
\??\c:\jpjddfh.exec:\jpjddfh.exe109⤵PID:1108
-
\??\c:\hjvff.exec:\hjvff.exe110⤵PID:1628
-
\??\c:\rnrfdfv.exec:\rnrfdfv.exe111⤵PID:1368
-
\??\c:\bxftb.exec:\bxftb.exe112⤵PID:1436
-
\??\c:\rvrjld.exec:\rvrjld.exe113⤵PID:2364
-
\??\c:\ttrffpb.exec:\ttrffpb.exe114⤵PID:1776
-
\??\c:\rfljbd.exec:\rfljbd.exe115⤵PID:1708
-
\??\c:\bjnrf.exec:\bjnrf.exe116⤵PID:340
-
\??\c:\ldhjjdf.exec:\ldhjjdf.exe117⤵PID:2296
-
\??\c:\xtphrxx.exec:\xtphrxx.exe118⤵PID:2552
-
\??\c:\rxjbvd.exec:\rxjbvd.exe119⤵PID:1000
-
\??\c:\hnpjn.exec:\hnpjn.exe120⤵PID:2024
-
\??\c:\lvfbjnd.exec:\lvfbjnd.exe121⤵PID:2668
-
\??\c:\ddlrft.exec:\ddlrft.exe122⤵PID:2744
-