Analysis
-
max time kernel
124s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
15-05-2024 05:43
General
-
Target
8da7fa0137a085abce43d26397705430_NeikiAnalytics.exe
-
Size
1.2MB
-
MD5
8da7fa0137a085abce43d26397705430
-
SHA1
11813df913bc67c6232a316579864885af472a7d
-
SHA256
8f860ee6af1353ae0cc08ef7aa07279562baef40b6f16cf7e2f7abe49019955c
-
SHA512
3e5091d4865063d6d22a6a12ccdcc2896aa590bc4babe9ddd4748c7d635e308b99ef69339c4fe624ec52952dc61d4a55a501c25e426af8b08c6c7758026c1ed8
-
SSDEEP
24576:1qylFH50Dv6RwyeQvt6ot0h9HyrOgiruAG:IylFHUv6ReIt0jSrOo
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8da7fa0137a085abce43d26397705430_NeikiAnalytics.exe"C:\Users\Admin\AppData\Local\Temp\8da7fa0137a085abce43d26397705430_NeikiAnalytics.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9Q05G.exe"C:\Users\Admin\AppData\Local\Temp\9Q05G.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\054BW.exe"C:\Users\Admin\AppData\Local\Temp\054BW.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\9R5BB.exe"C:\Users\Admin\AppData\Local\Temp\9R5BB.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\43D77.exe"C:\Users\Admin\AppData\Local\Temp\43D77.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\FX04H.exe"C:\Users\Admin\AppData\Local\Temp\FX04H.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\T9Y28.exe"C:\Users\Admin\AppData\Local\Temp\T9Y28.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\N95LN.exe"C:\Users\Admin\AppData\Local\Temp\N95LN.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\Q2401.exe"C:\Users\Admin\AppData\Local\Temp\Q2401.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\2324B.exe"C:\Users\Admin\AppData\Local\Temp\2324B.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\L0WD8.exe"C:\Users\Admin\AppData\Local\Temp\L0WD8.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\CO5DC.exe"C:\Users\Admin\AppData\Local\Temp\CO5DC.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\90602.exe"C:\Users\Admin\AppData\Local\Temp\90602.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\00805.exe"C:\Users\Admin\AppData\Local\Temp\00805.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\3M16N.exe"C:\Users\Admin\AppData\Local\Temp\3M16N.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\QJY42.exe"C:\Users\Admin\AppData\Local\Temp\QJY42.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\TX3FQ.exe"C:\Users\Admin\AppData\Local\Temp\TX3FQ.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\68JQ6.exe"C:\Users\Admin\AppData\Local\Temp\68JQ6.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\QYXOD.exe"C:\Users\Admin\AppData\Local\Temp\QYXOD.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\J0O71.exe"C:\Users\Admin\AppData\Local\Temp\J0O71.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\284Q4.exe"C:\Users\Admin\AppData\Local\Temp\284Q4.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\12I3F.exe"C:\Users\Admin\AppData\Local\Temp\12I3F.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\RLW5B.exe"C:\Users\Admin\AppData\Local\Temp\RLW5B.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\55NH5.exe"C:\Users\Admin\AppData\Local\Temp\55NH5.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\71416.exe"C:\Users\Admin\AppData\Local\Temp\71416.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\B2VPH.exe"C:\Users\Admin\AppData\Local\Temp\B2VPH.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\II8K4.exe"C:\Users\Admin\AppData\Local\Temp\II8K4.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\98M4X.exe"C:\Users\Admin\AppData\Local\Temp\98M4X.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\PV7A5.exe"C:\Users\Admin\AppData\Local\Temp\PV7A5.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\L50BM.exe"C:\Users\Admin\AppData\Local\Temp\L50BM.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\HX281.exe"C:\Users\Admin\AppData\Local\Temp\HX281.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\4CHHA.exe"C:\Users\Admin\AppData\Local\Temp\4CHHA.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\IN6WZ.exe"C:\Users\Admin\AppData\Local\Temp\IN6WZ.exe"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\F5TFM.exe"C:\Users\Admin\AppData\Local\Temp\F5TFM.exe"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\KS3A4.exe"C:\Users\Admin\AppData\Local\Temp\KS3A4.exe"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AON5F.exe"C:\Users\Admin\AppData\Local\Temp\AON5F.exe"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\27B95.exe"C:\Users\Admin\AppData\Local\Temp\27B95.exe"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\E586X.exe"C:\Users\Admin\AppData\Local\Temp\E586X.exe"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BTMN2.exe"C:\Users\Admin\AppData\Local\Temp\BTMN2.exe"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2XUVK.exe"C:\Users\Admin\AppData\Local\Temp\2XUVK.exe"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\D4L58.exe"C:\Users\Admin\AppData\Local\Temp\D4L58.exe"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AI35N.exe"C:\Users\Admin\AppData\Local\Temp\AI35N.exe"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VWAX7.exe"C:\Users\Admin\AppData\Local\Temp\VWAX7.exe"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\738M6.exe"C:\Users\Admin\AppData\Local\Temp\738M6.exe"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Y35IC.exe"C:\Users\Admin\AppData\Local\Temp\Y35IC.exe"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\90T71.exe"C:\Users\Admin\AppData\Local\Temp\90T71.exe"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\EYHJ8.exe"C:\Users\Admin\AppData\Local\Temp\EYHJ8.exe"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\R60FF.exe"C:\Users\Admin\AppData\Local\Temp\R60FF.exe"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1L63W.exe"C:\Users\Admin\AppData\Local\Temp\1L63W.exe"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\89XG1.exe"C:\Users\Admin\AppData\Local\Temp\89XG1.exe"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1740B.exe"C:\Users\Admin\AppData\Local\Temp\1740B.exe"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5U9WE.exe"C:\Users\Admin\AppData\Local\Temp\5U9WE.exe"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\86X80.exe"C:\Users\Admin\AppData\Local\Temp\86X80.exe"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\2WVPO.exe"C:\Users\Admin\AppData\Local\Temp\2WVPO.exe"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\W42UG.exe"C:\Users\Admin\AppData\Local\Temp\W42UG.exe"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\OI6A6.exe"C:\Users\Admin\AppData\Local\Temp\OI6A6.exe"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\97V70.exe"C:\Users\Admin\AppData\Local\Temp\97V70.exe"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\I7463.exe"C:\Users\Admin\AppData\Local\Temp\I7463.exe"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5SNSW.exe"C:\Users\Admin\AppData\Local\Temp\5SNSW.exe"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\175T7.exe"C:\Users\Admin\AppData\Local\Temp\175T7.exe"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\SF32D.exe"C:\Users\Admin\AppData\Local\Temp\SF32D.exe"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\1H6TL.exe"C:\Users\Admin\AppData\Local\Temp\1H6TL.exe"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\S92I3.exe"C:\Users\Admin\AppData\Local\Temp\S92I3.exe"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\G5C64.exe"C:\Users\Admin\AppData\Local\Temp\G5C64.exe"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\67RF9.exe"C:\Users\Admin\AppData\Local\Temp\67RF9.exe"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4X490.exe"C:\Users\Admin\AppData\Local\Temp\4X490.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\5QVNZ.exe"C:\Users\Admin\AppData\Local\Temp\5QVNZ.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\PX6LB.exe"C:\Users\Admin\AppData\Local\Temp\PX6LB.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\46C4Y.exe"C:\Users\Admin\AppData\Local\Temp\46C4Y.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\FE6V1.exe"C:\Users\Admin\AppData\Local\Temp\FE6V1.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\F170I.exe"C:\Users\Admin\AppData\Local\Temp\F170I.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\0G067.exe"C:\Users\Admin\AppData\Local\Temp\0G067.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\X428M.exe"C:\Users\Admin\AppData\Local\Temp\X428M.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\BNW57.exe"C:\Users\Admin\AppData\Local\Temp\BNW57.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\OF2I2.exe"C:\Users\Admin\AppData\Local\Temp\OF2I2.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\8A6D3.exe"C:\Users\Admin\AppData\Local\Temp\8A6D3.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\05KA8.exe"C:\Users\Admin\AppData\Local\Temp\05KA8.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\IA5CT.exe"C:\Users\Admin\AppData\Local\Temp\IA5CT.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\N5VYF.exe"C:\Users\Admin\AppData\Local\Temp\N5VYF.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\X4X58.exe"C:\Users\Admin\AppData\Local\Temp\X4X58.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\MXAQK.exe"C:\Users\Admin\AppData\Local\Temp\MXAQK.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\1P733.exe"C:\Users\Admin\AppData\Local\Temp\1P733.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\0EBZ1.exe"C:\Users\Admin\AppData\Local\Temp\0EBZ1.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\E71CK.exe"C:\Users\Admin\AppData\Local\Temp\E71CK.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\9MIR2.exe"C:\Users\Admin\AppData\Local\Temp\9MIR2.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\8JA0I.exe"C:\Users\Admin\AppData\Local\Temp\8JA0I.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\T30TZ.exe"C:\Users\Admin\AppData\Local\Temp\T30TZ.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\54AV4.exe"C:\Users\Admin\AppData\Local\Temp\54AV4.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\5F3SY.exe"C:\Users\Admin\AppData\Local\Temp\5F3SY.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\0N312.exe"C:\Users\Admin\AppData\Local\Temp\0N312.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\Y16U5.exe"C:\Users\Admin\AppData\Local\Temp\Y16U5.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\G07C2.exe"C:\Users\Admin\AppData\Local\Temp\G07C2.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\3O179.exe"C:\Users\Admin\AppData\Local\Temp\3O179.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\71UW0.exe"C:\Users\Admin\AppData\Local\Temp\71UW0.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\40W8B.exe"C:\Users\Admin\AppData\Local\Temp\40W8B.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\TV361.exe"C:\Users\Admin\AppData\Local\Temp\TV361.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\N1S8N.exe"C:\Users\Admin\AppData\Local\Temp\N1S8N.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\B8129.exe"C:\Users\Admin\AppData\Local\Temp\B8129.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\5R445.exe"C:\Users\Admin\AppData\Local\Temp\5R445.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\AU19E.exe"C:\Users\Admin\AppData\Local\Temp\AU19E.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\5831I.exe"C:\Users\Admin\AppData\Local\Temp\5831I.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\I0Z7L.exe"C:\Users\Admin\AppData\Local\Temp\I0Z7L.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\9Z7YC.exe"C:\Users\Admin\AppData\Local\Temp\9Z7YC.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\3E143.exe"C:\Users\Admin\AppData\Local\Temp\3E143.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\10KZ6.exe"C:\Users\Admin\AppData\Local\Temp\10KZ6.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\6240I.exe"C:\Users\Admin\AppData\Local\Temp\6240I.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\SZA20.exe"C:\Users\Admin\AppData\Local\Temp\SZA20.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\PU79A.exe"C:\Users\Admin\AppData\Local\Temp\PU79A.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\99X9O.exe"C:\Users\Admin\AppData\Local\Temp\99X9O.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\BEF8O.exe"C:\Users\Admin\AppData\Local\Temp\BEF8O.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\43WQ0.exe"C:\Users\Admin\AppData\Local\Temp\43WQ0.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\312U9.exe"C:\Users\Admin\AppData\Local\Temp\312U9.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\JM6IX.exe"C:\Users\Admin\AppData\Local\Temp\JM6IX.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\06OD2.exe"C:\Users\Admin\AppData\Local\Temp\06OD2.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\1R5ZM.exe"C:\Users\Admin\AppData\Local\Temp\1R5ZM.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\1448X.exe"C:\Users\Admin\AppData\Local\Temp\1448X.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\XFRJ2.exe"C:\Users\Admin\AppData\Local\Temp\XFRJ2.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\RE27K.exe"C:\Users\Admin\AppData\Local\Temp\RE27K.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\D81RV.exe"C:\Users\Admin\AppData\Local\Temp\D81RV.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\JY7SO.exe"C:\Users\Admin\AppData\Local\Temp\JY7SO.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\0055X.exe"C:\Users\Admin\AppData\Local\Temp\0055X.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-