Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
26s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
11/05/2024, 05:35
General
-
Target
89aeda2b5ff11c6de9ca54eb250e9f20_NeikiAnalytics.exe
-
Size
86KB
-
MD5
89aeda2b5ff11c6de9ca54eb250e9f20
-
SHA1
c54b301764ee6159812e80a8df181c7f1b122a05
-
SHA256
56ab50b1f56e2a71871ee855c07f4f720dd57855e2adaa3f4407c3fe32c50c9f
-
SHA512
58476b0b4bd0bec73290a80167606622e7781d63c051d7dac4d766fc900c77cb18f53d90e849f8356f336e89fc6c2c26b887efb695a4d29753a3556dc28c4f1a
-
SSDEEP
1536:TYjIyeC1eUfKjkhBYJ7mTCbqODiC1ZsyHZK0FjlqsS5eHyG9LU3YG8nxw:0dEUfKj8BYbDiC1ZTK7sxtLUIGP
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
UPX packed file 60 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\89aeda2b5ff11c6de9ca54eb250e9f20_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\89aeda2b5ff11c6de9ca54eb250e9f20_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemsemsk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemsemsk.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqempqifi.exe"C:\Users\Admin\AppData\Local\Temp\Sysqempqifi.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemtgeae.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemtgeae.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemjabno.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemjabno.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqembkpfn.exe"C:\Users\Admin\AppData\Local\Temp\Sysqembkpfn.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemwntdt.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemwntdt.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlkbdg.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlkbdg.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemgmxae.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemgmxae.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvjfiq.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvjfiq.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemnfefb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemnfefb.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemihadz.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemihadz.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqembsndh.exe"C:\Users\Admin\AppData\Local\Temp\Sysqembsndh.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemskpnm.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemskpnm.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemnmtls.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemnmtls.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemfisqv.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemfisqv.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Sysqemakwnb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemakwnb.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvqdyc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvqdyc.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemkrplr.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemkrplr.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemfpivu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemfpivu.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemuybij.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemuybij.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhwute.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhwute.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzlkyp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzlkyp.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemrcuqu.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemmbnby.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemmbnby.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhpvly.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhpvly.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzdtqj.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzdtqj.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemrrkvu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemrrkvu.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemgosvg.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemgosvg.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqembnlgb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqembnlgb.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemqktgo.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlyaqo.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlyaqo.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\Sysqemdioiw.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemdioiw.exe"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvaqbk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvaqbk.exe"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemqzilf.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemqzilf.exe"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlnywg.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlnywg.exe"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemfsfgo.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemfsfgo.exe"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemayujp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemayujp.exe"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemsywbd.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemsywbd.exe"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemnabyb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemnabyb.exe"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemeadqo.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemeadqo.exe"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemctxtk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemctxtk.exe"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemuioyv.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemuioyv.exe"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqempvdbe.exe"C:\Users\Admin\AppData\Local\Temp\Sysqempvdbe.exe"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemkbllf.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemkbllf.exe"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemfdpjd.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemfdpjd.exe"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzretl.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzretl.exe"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemuaxjp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemuaxjp.exe"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemooety.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemooety.exe"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemjqirw.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemjqirw.exe"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemewybf.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemewybf.exe"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemznqri.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemznqri.exe"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemupmoo.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemupmoo.exe"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemovczp.exe"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemgvejc.exe"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemeozmz.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemeozmz.exe"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvobem.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvobem.exe"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemqqfbk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemqqfbk.exe"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemiihtx.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemiihtx.exe"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemgkbou.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemgkbou.exe"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqembpjzu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqembpjzu.exe"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvdyjd.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvdyjd.exe"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemqjgme.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemqjgme.exe"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlovwn.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlovwn.exe"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemcoxos.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemcoxos.exe"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Sysqemxumzb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemxumzb.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemsiubc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemsiubc.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemmnjml.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemmnjml.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhbqwl.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhbqwl.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemcduur.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemcduur.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemxjcws.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemxjcws.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemsxrhb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemsxrhb.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemmczrc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemmczrc.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhiobd.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhiobd.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzefhn.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzefhn.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemrtdey.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemrtdey.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemmrwwt.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemmrwwt.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhxezc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhxezc.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemcltjd.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemcltjd.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemwqaud.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemwqaud.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemoqkmr.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemoqkmr.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemjwsoa.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemjwsoa.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemdchza.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemdchza.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemymdwg.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemymdwg.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemtvemk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemtvemk.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemoxaji.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemoxaji.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemgxkcw.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemgxkcw.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemazgzc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemazgzc.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemvbkxa.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemvbkxa.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemnbmpn.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemnbmpn.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemhzcki.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemhzcki.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemxtzer.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemxtzer.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemphycc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemphycc.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemkjcza.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemkjcza.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzdruk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzdruk.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemrrpzu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemrrpzu.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqememhpa.exe"C:\Users\Admin\AppData\Local\Temp\Sysqememhpa.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemtmscp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemtmscp.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlxfux.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlxfux.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemeeihu.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemeeihu.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemtyeue.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemtyeue.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemlqgmr.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemlqgmr.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemysmuc.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemysmuc.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemtqfny.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemtqfny.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemnagcj.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemnagcj.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqeminnnk.exe"C:\Users\Admin\AppData\Local\Temp\Sysqeminnnk.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemdtdxt.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemdtdxt.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemyhkau.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemyhkau.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemsjoxa.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemsjoxa.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemkbqpf.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemkbqpf.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemfofao.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemfofao.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemauncp.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemauncp.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemuauny.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemuauny.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqempnkxy.exe"C:\Users\Admin\AppData\Local\Temp\Sysqempnkxy.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemktrih.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemktrih.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemehgki.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemehgki.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemzmovj.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemzmovj.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemxgjxn.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemxgjxn.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqempgkhs.exe"C:\Users\Admin\AppData\Local\Temp\Sysqempgkhs.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemjmasb.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemjmasb.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\Sysqemttepm.exe"C:\Users\Admin\AppData\Local\Temp\Sysqemttepm.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-