Analysis
-
max time kernel
64s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20240220-en -
resource tags
-
submitted
09/05/2024, 15:49
General
-
Target
7b102e6a145bbf2ec1d025f9394b5670_NeikiAnalytics.exe
-
Size
1021KB
-
MD5
7b102e6a145bbf2ec1d025f9394b5670
-
SHA1
e5b2dc9a05506a11da37602f7f1d30e3ccbf15ea
-
SHA256
5d23bdba50759d46747a509b2ff8cac1a5307be98979276dedae5b27d7e50669
-
SHA512
17ca28ad228446cc3a1dbfb60ea941c4a8e329e48f2722b75abc9a1c65fb561a257280b06acca41ee57b448fe585c7eeb5e9e92fba15ea67088044eccf71381f
-
SSDEEP
24576:1qylFH50Dv6RwyeQvt6ot0h9HyrOgiruAUV:IylFHUv6ReIt0jSrOu
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7b102e6a145bbf2ec1d025f9394b5670_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\7b102e6a145bbf2ec1d025f9394b5670_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\80GAW.exe"C:\Users\Admin\AppData\Local\Temp\80GAW.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\862AA.exe"C:\Users\Admin\AppData\Local\Temp\862AA.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\X8A91.exe"C:\Users\Admin\AppData\Local\Temp\X8A91.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BO47C.exe"C:\Users\Admin\AppData\Local\Temp\BO47C.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D5093.exe"C:\Users\Admin\AppData\Local\Temp\D5093.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\LA737.exe"C:\Users\Admin\AppData\Local\Temp\LA737.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\685J0.exe"C:\Users\Admin\AppData\Local\Temp\685J0.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9I929.exe"C:\Users\Admin\AppData\Local\Temp\9I929.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\M56QG.exe"C:\Users\Admin\AppData\Local\Temp\M56QG.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\AEOM6.exe"C:\Users\Admin\AppData\Local\Temp\AEOM6.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\685RN.exe"C:\Users\Admin\AppData\Local\Temp\685RN.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8936E.exe"C:\Users\Admin\AppData\Local\Temp\8936E.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\1T12O.exe"C:\Users\Admin\AppData\Local\Temp\1T12O.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Q2401.exe"C:\Users\Admin\AppData\Local\Temp\Q2401.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MEALS.exe"C:\Users\Admin\AppData\Local\Temp\MEALS.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RM8OG.exe"C:\Users\Admin\AppData\Local\Temp\RM8OG.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2CL19.exe"C:\Users\Admin\AppData\Local\Temp\2CL19.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\2Q9WN.exe"C:\Users\Admin\AppData\Local\Temp\2Q9WN.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\20H85.exe"C:\Users\Admin\AppData\Local\Temp\20H85.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\880EU.exe"C:\Users\Admin\AppData\Local\Temp\880EU.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\BV79L.exe"C:\Users\Admin\AppData\Local\Temp\BV79L.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\00805.exe"C:\Users\Admin\AppData\Local\Temp\00805.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\3U4NG.exe"C:\Users\Admin\AppData\Local\Temp\3U4NG.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\A156Q.exe"C:\Users\Admin\AppData\Local\Temp\A156Q.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\0V8QV.exe"C:\Users\Admin\AppData\Local\Temp\0V8QV.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\445W6.exe"C:\Users\Admin\AppData\Local\Temp\445W6.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\EK8U2.exe"C:\Users\Admin\AppData\Local\Temp\EK8U2.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\750HU.exe"C:\Users\Admin\AppData\Local\Temp\750HU.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\TX3FQ.exe"C:\Users\Admin\AppData\Local\Temp\TX3FQ.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\M5798.exe"C:\Users\Admin\AppData\Local\Temp\M5798.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\655R3.exe"C:\Users\Admin\AppData\Local\Temp\655R3.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\S2XFV.exe"C:\Users\Admin\AppData\Local\Temp\S2XFV.exe"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1EL6A.exe"C:\Users\Admin\AppData\Local\Temp\1EL6A.exe"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\55166.exe"C:\Users\Admin\AppData\Local\Temp\55166.exe"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\XM9Y2.exe"C:\Users\Admin\AppData\Local\Temp\XM9Y2.exe"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\G904K.exe"C:\Users\Admin\AppData\Local\Temp\G904K.exe"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\RLW5B.exe"C:\Users\Admin\AppData\Local\Temp\RLW5B.exe"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\853Y0.exe"C:\Users\Admin\AppData\Local\Temp\853Y0.exe"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\XM115.exe"C:\Users\Admin\AppData\Local\Temp\XM115.exe"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\S5TC7.exe"C:\Users\Admin\AppData\Local\Temp\S5TC7.exe"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\6WKYX.exe"C:\Users\Admin\AppData\Local\Temp\6WKYX.exe"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\M5YOT.exe"C:\Users\Admin\AppData\Local\Temp\M5YOT.exe"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4T3M9.exe"C:\Users\Admin\AppData\Local\Temp\4T3M9.exe"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\529A7.exe"C:\Users\Admin\AppData\Local\Temp\529A7.exe"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\CHG4B.exe"C:\Users\Admin\AppData\Local\Temp\CHG4B.exe"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9XCTF.exe"C:\Users\Admin\AppData\Local\Temp\9XCTF.exe"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2P0Z8.exe"C:\Users\Admin\AppData\Local\Temp\2P0Z8.exe"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\I6315.exe"C:\Users\Admin\AppData\Local\Temp\I6315.exe"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7XR1C.exe"C:\Users\Admin\AppData\Local\Temp\7XR1C.exe"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2717B.exe"C:\Users\Admin\AppData\Local\Temp\2717B.exe"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\SR784.exe"C:\Users\Admin\AppData\Local\Temp\SR784.exe"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\678M0.exe"C:\Users\Admin\AppData\Local\Temp\678M0.exe"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BO9JT.exe"C:\Users\Admin\AppData\Local\Temp\BO9JT.exe"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IN6WZ.exe"C:\Users\Admin\AppData\Local\Temp\IN6WZ.exe"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EK91J.exe"C:\Users\Admin\AppData\Local\Temp\EK91J.exe"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\70490.exe"C:\Users\Admin\AppData\Local\Temp\70490.exe"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\L1888.exe"C:\Users\Admin\AppData\Local\Temp\L1888.exe"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\P805R.exe"C:\Users\Admin\AppData\Local\Temp\P805R.exe"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2523Y.exe"C:\Users\Admin\AppData\Local\Temp\2523Y.exe"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\X86OC.exe"C:\Users\Admin\AppData\Local\Temp\X86OC.exe"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5882E.exe"C:\Users\Admin\AppData\Local\Temp\5882E.exe"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\XK14I.exe"C:\Users\Admin\AppData\Local\Temp\XK14I.exe"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\0K8PR.exe"C:\Users\Admin\AppData\Local\Temp\0K8PR.exe"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\DSI02.exe"C:\Users\Admin\AppData\Local\Temp\DSI02.exe"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\068HW.exe"C:\Users\Admin\AppData\Local\Temp\068HW.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\33YYL.exe"C:\Users\Admin\AppData\Local\Temp\33YYL.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\0UYX6.exe"C:\Users\Admin\AppData\Local\Temp\0UYX6.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\D03ZI.exe"C:\Users\Admin\AppData\Local\Temp\D03ZI.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\83T87.exe"C:\Users\Admin\AppData\Local\Temp\83T87.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\7074C.exe"C:\Users\Admin\AppData\Local\Temp\7074C.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\A7SZU.exe"C:\Users\Admin\AppData\Local\Temp\A7SZU.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\1K0L7.exe"C:\Users\Admin\AppData\Local\Temp\1K0L7.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\844KP.exe"C:\Users\Admin\AppData\Local\Temp\844KP.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\RE355.exe"C:\Users\Admin\AppData\Local\Temp\RE355.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\898B6.exe"C:\Users\Admin\AppData\Local\Temp\898B6.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\0QLC1.exe"C:\Users\Admin\AppData\Local\Temp\0QLC1.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\329NJ.exe"C:\Users\Admin\AppData\Local\Temp\329NJ.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\3V9N4.exe"C:\Users\Admin\AppData\Local\Temp\3V9N4.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\FOH3W.exe"C:\Users\Admin\AppData\Local\Temp\FOH3W.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\SC1D9.exe"C:\Users\Admin\AppData\Local\Temp\SC1D9.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\87566.exe"C:\Users\Admin\AppData\Local\Temp\87566.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\562OK.exe"C:\Users\Admin\AppData\Local\Temp\562OK.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\2J3W8.exe"C:\Users\Admin\AppData\Local\Temp\2J3W8.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\I4UIH.exe"C:\Users\Admin\AppData\Local\Temp\I4UIH.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\X428M.exe"C:\Users\Admin\AppData\Local\Temp\X428M.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\D2O42.exe"C:\Users\Admin\AppData\Local\Temp\D2O42.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\UNT1F.exe"C:\Users\Admin\AppData\Local\Temp\UNT1F.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\DSVY3.exe"C:\Users\Admin\AppData\Local\Temp\DSVY3.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\3VEBO.exe"C:\Users\Admin\AppData\Local\Temp\3VEBO.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\X4X58.exe"C:\Users\Admin\AppData\Local\Temp\X4X58.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\WKU26.exe"C:\Users\Admin\AppData\Local\Temp\WKU26.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\24IS2.exe"C:\Users\Admin\AppData\Local\Temp\24IS2.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\CS485.exe"C:\Users\Admin\AppData\Local\Temp\CS485.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\1922B.exe"C:\Users\Admin\AppData\Local\Temp\1922B.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\DX8L7.exe"C:\Users\Admin\AppData\Local\Temp\DX8L7.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\YPTZ0.exe"C:\Users\Admin\AppData\Local\Temp\YPTZ0.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\1FP96.exe"C:\Users\Admin\AppData\Local\Temp\1FP96.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\C29LX.exe"C:\Users\Admin\AppData\Local\Temp\C29LX.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\2Z3H3.exe"C:\Users\Admin\AppData\Local\Temp\2Z3H3.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\53XW1.exe"C:\Users\Admin\AppData\Local\Temp\53XW1.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\KLOTE.exe"C:\Users\Admin\AppData\Local\Temp\KLOTE.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\F778V.exe"C:\Users\Admin\AppData\Local\Temp\F778V.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\9E037.exe"C:\Users\Admin\AppData\Local\Temp\9E037.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\0BZ88.exe"C:\Users\Admin\AppData\Local\Temp\0BZ88.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\T3N9C.exe"C:\Users\Admin\AppData\Local\Temp\T3N9C.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\4A9M3.exe"C:\Users\Admin\AppData\Local\Temp\4A9M3.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\94061.exe"C:\Users\Admin\AppData\Local\Temp\94061.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\DDN66.exe"C:\Users\Admin\AppData\Local\Temp\DDN66.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\47BMF.exe"C:\Users\Admin\AppData\Local\Temp\47BMF.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\MHOKC.exe"C:\Users\Admin\AppData\Local\Temp\MHOKC.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\J4O31.exe"C:\Users\Admin\AppData\Local\Temp\J4O31.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\4Q8N5.exe"C:\Users\Admin\AppData\Local\Temp\4Q8N5.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\D7TCH.exe"C:\Users\Admin\AppData\Local\Temp\D7TCH.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\Y508Y.exe"C:\Users\Admin\AppData\Local\Temp\Y508Y.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\18CE6.exe"C:\Users\Admin\AppData\Local\Temp\18CE6.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\CJ253.exe"C:\Users\Admin\AppData\Local\Temp\CJ253.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\8737Q.exe"C:\Users\Admin\AppData\Local\Temp\8737Q.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\Y5N7Z.exe"C:\Users\Admin\AppData\Local\Temp\Y5N7Z.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\4483E.exe"C:\Users\Admin\AppData\Local\Temp\4483E.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\5R445.exe"C:\Users\Admin\AppData\Local\Temp\5R445.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-