Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240319-en -
resource tags
-
submitted
29/03/2024, 15:26
General
-
Target
25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe
-
Size
351KB
-
MD5
25941a832d7f008e2269b13d5fa35a89
-
SHA1
69afc975de66d7cce925cac2af448833c8f4c343
-
SHA256
17c09eeabb674a0de1a1616892c02560b9a420170159d1e42bbb272f95ed691d
-
SHA512
9d0154f60aac19d9c812ebf66067d81017c9f8deaec17e62000db7c68b0f8fcc537f33da704f8a14877853f08fe50d627217fcdb806877fb86229ee3599512cd
-
SSDEEP
384:jYxWwue/4youZfWkXiWgEiSZexdiHsd2E0S8NrjpWKV:jYx+6dWailEl0iMk6ErkA
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI2CDA.tmpC:\Users\Admin\AppData\Local\Temp\VI2CDA.tmp2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI2DB5.tmpC:\Users\Admin\AppData\Local\Temp\VI2DB5.tmp3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI2E8F.tmpC:\Users\Admin\AppData\Local\Temp\VI2E8F.tmp4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI2F2B.tmpC:\Users\Admin\AppData\Local\Temp\VI2F2B.tmp5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI2FF6.tmpC:\Users\Admin\AppData\Local\Temp\VI2FF6.tmp6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI30D0.tmpC:\Users\Admin\AppData\Local\Temp\VI30D0.tmp7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI31AB.tmpC:\Users\Admin\AppData\Local\Temp\VI31AB.tmp8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI3266.tmpC:\Users\Admin\AppData\Local\Temp\VI3266.tmp9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI3302.tmpC:\Users\Admin\AppData\Local\Temp\VI3302.tmp10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI339E.tmpC:\Users\Admin\AppData\Local\Temp\VI339E.tmp11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI34A7.tmpC:\Users\Admin\AppData\Local\Temp\VI34A7.tmp12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI3582.tmpC:\Users\Admin\AppData\Local\Temp\VI3582.tmp13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI363D.tmpC:\Users\Admin\AppData\Local\Temp\VI363D.tmp14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI36E8.tmpC:\Users\Admin\AppData\Local\Temp\VI36E8.tmp15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI37C3.tmpC:\Users\Admin\AppData\Local\Temp\VI37C3.tmp16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI3840.tmpC:\Users\Admin\AppData\Local\Temp\VI3840.tmp17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3949.tmpC:\Users\Admin\AppData\Local\Temp\VI3949.tmp18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3997.tmpC:\Users\Admin\AppData\Local\Temp\VI3997.tmp19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3A04.tmpC:\Users\Admin\AppData\Local\Temp\VI3A04.tmp20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3A52.tmpC:\Users\Admin\AppData\Local\Temp\VI3A52.tmp21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3AA0.tmpC:\Users\Admin\AppData\Local\Temp\VI3AA0.tmp22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3ADE.tmpC:\Users\Admin\AppData\Local\Temp\VI3ADE.tmp23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3B1D.tmpC:\Users\Admin\AppData\Local\Temp\VI3B1D.tmp24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3B5B.tmpC:\Users\Admin\AppData\Local\Temp\VI3B5B.tmp25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3BA9.tmpC:\Users\Admin\AppData\Local\Temp\VI3BA9.tmp26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3BE8.tmpC:\Users\Admin\AppData\Local\Temp\VI3BE8.tmp27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3C36.tmpC:\Users\Admin\AppData\Local\Temp\VI3C36.tmp28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3C84.tmpC:\Users\Admin\AppData\Local\Temp\VI3C84.tmp29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3CB2.tmpC:\Users\Admin\AppData\Local\Temp\VI3CB2.tmp30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3D10.tmpC:\Users\Admin\AppData\Local\Temp\VI3D10.tmp31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3D5E.tmpC:\Users\Admin\AppData\Local\Temp\VI3D5E.tmp32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3E29.tmpC:\Users\Admin\AppData\Local\Temp\VI3E29.tmp33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3EB5.tmpC:\Users\Admin\AppData\Local\Temp\VI3EB5.tmp34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3F13.tmpC:\Users\Admin\AppData\Local\Temp\VI3F13.tmp35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3F9F.tmpC:\Users\Admin\AppData\Local\Temp\VI3F9F.tmp36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI3FED.tmpC:\Users\Admin\AppData\Local\Temp\VI3FED.tmp37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI402C.tmpC:\Users\Admin\AppData\Local\Temp\VI402C.tmp38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI406A.tmpC:\Users\Admin\AppData\Local\Temp\VI406A.tmp39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI407A.tmpC:\Users\Admin\AppData\Local\Temp\VI407A.tmp40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI40D7.tmpC:\Users\Admin\AppData\Local\Temp\VI40D7.tmp41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4116.tmpC:\Users\Admin\AppData\Local\Temp\VI4116.tmp42⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4154.tmpC:\Users\Admin\AppData\Local\Temp\VI4154.tmp43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4192.tmpC:\Users\Admin\AppData\Local\Temp\VI4192.tmp44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI41E0.tmpC:\Users\Admin\AppData\Local\Temp\VI41E0.tmp45⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI420F.tmpC:\Users\Admin\AppData\Local\Temp\VI420F.tmp46⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI424E.tmpC:\Users\Admin\AppData\Local\Temp\VI424E.tmp47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI428C.tmpC:\Users\Admin\AppData\Local\Temp\VI428C.tmp48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI42BB.tmpC:\Users\Admin\AppData\Local\Temp\VI42BB.tmp49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI42F9.tmpC:\Users\Admin\AppData\Local\Temp\VI42F9.tmp50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4347.tmpC:\Users\Admin\AppData\Local\Temp\VI4347.tmp51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4395.tmpC:\Users\Admin\AppData\Local\Temp\VI4395.tmp52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI43D4.tmpC:\Users\Admin\AppData\Local\Temp\VI43D4.tmp53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4412.tmpC:\Users\Admin\AppData\Local\Temp\VI4412.tmp54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4470.tmpC:\Users\Admin\AppData\Local\Temp\VI4470.tmp55⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI44BE.tmpC:\Users\Admin\AppData\Local\Temp\VI44BE.tmp56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI450C.tmpC:\Users\Admin\AppData\Local\Temp\VI450C.tmp57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI452B.tmpC:\Users\Admin\AppData\Local\Temp\VI452B.tmp58⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4588.tmpC:\Users\Admin\AppData\Local\Temp\VI4588.tmp59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI45C7.tmpC:\Users\Admin\AppData\Local\Temp\VI45C7.tmp60⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4605.tmpC:\Users\Admin\AppData\Local\Temp\VI4605.tmp61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4653.tmpC:\Users\Admin\AppData\Local\Temp\VI4653.tmp62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI46A1.tmpC:\Users\Admin\AppData\Local\Temp\VI46A1.tmp63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI46EF.tmpC:\Users\Admin\AppData\Local\Temp\VI46EF.tmp64⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI472E.tmpC:\Users\Admin\AppData\Local\Temp\VI472E.tmp65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VI478B.tmpC:\Users\Admin\AppData\Local\Temp\VI478B.tmp66⤵
-
C:\Users\Admin\AppData\Local\Temp\VI47D9.tmpC:\Users\Admin\AppData\Local\Temp\VI47D9.tmp67⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4808.tmpC:\Users\Admin\AppData\Local\Temp\VI4808.tmp68⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4818.tmpC:\Users\Admin\AppData\Local\Temp\VI4818.tmp69⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4856.tmpC:\Users\Admin\AppData\Local\Temp\VI4856.tmp70⤵
-
C:\Users\Admin\AppData\Local\Temp\VI48A4.tmpC:\Users\Admin\AppData\Local\Temp\VI48A4.tmp71⤵
-
C:\Users\Admin\AppData\Local\Temp\VI48F2.tmpC:\Users\Admin\AppData\Local\Temp\VI48F2.tmp72⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4921.tmpC:\Users\Admin\AppData\Local\Temp\VI4921.tmp73⤵
-
C:\Users\Admin\AppData\Local\Temp\VI496F.tmpC:\Users\Admin\AppData\Local\Temp\VI496F.tmp74⤵
-
C:\Users\Admin\AppData\Local\Temp\VI49DC.tmpC:\Users\Admin\AppData\Local\Temp\VI49DC.tmp75⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4A0B.tmpC:\Users\Admin\AppData\Local\Temp\VI4A0B.tmp76⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4A49.tmpC:\Users\Admin\AppData\Local\Temp\VI4A49.tmp77⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4A97.tmpC:\Users\Admin\AppData\Local\Temp\VI4A97.tmp78⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4AE5.tmpC:\Users\Admin\AppData\Local\Temp\VI4AE5.tmp79⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4B24.tmpC:\Users\Admin\AppData\Local\Temp\VI4B24.tmp80⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4B52.tmpC:\Users\Admin\AppData\Local\Temp\VI4B52.tmp81⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4B91.tmpC:\Users\Admin\AppData\Local\Temp\VI4B91.tmp82⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4BDF.tmpC:\Users\Admin\AppData\Local\Temp\VI4BDF.tmp83⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4C1D.tmpC:\Users\Admin\AppData\Local\Temp\VI4C1D.tmp84⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4C5C.tmpC:\Users\Admin\AppData\Local\Temp\VI4C5C.tmp85⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4CAA.tmpC:\Users\Admin\AppData\Local\Temp\VI4CAA.tmp86⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4CE8.tmpC:\Users\Admin\AppData\Local\Temp\VI4CE8.tmp87⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4D26.tmpC:\Users\Admin\AppData\Local\Temp\VI4D26.tmp88⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4D55.tmpC:\Users\Admin\AppData\Local\Temp\VI4D55.tmp89⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4D94.tmpC:\Users\Admin\AppData\Local\Temp\VI4D94.tmp90⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4DE2.tmpC:\Users\Admin\AppData\Local\Temp\VI4DE2.tmp91⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4E20.tmpC:\Users\Admin\AppData\Local\Temp\VI4E20.tmp92⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4E6E.tmpC:\Users\Admin\AppData\Local\Temp\VI4E6E.tmp93⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4EAC.tmpC:\Users\Admin\AppData\Local\Temp\VI4EAC.tmp94⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4EEB.tmpC:\Users\Admin\AppData\Local\Temp\VI4EEB.tmp95⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4F39.tmpC:\Users\Admin\AppData\Local\Temp\VI4F39.tmp96⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4F87.tmpC:\Users\Admin\AppData\Local\Temp\VI4F87.tmp97⤵
-
C:\Users\Admin\AppData\Local\Temp\VI4FC5.tmpC:\Users\Admin\AppData\Local\Temp\VI4FC5.tmp98⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5013.tmpC:\Users\Admin\AppData\Local\Temp\VI5013.tmp99⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5052.tmpC:\Users\Admin\AppData\Local\Temp\VI5052.tmp100⤵
-
C:\Users\Admin\AppData\Local\Temp\VI50A0.tmpC:\Users\Admin\AppData\Local\Temp\VI50A0.tmp101⤵
-
C:\Users\Admin\AppData\Local\Temp\VI50DE.tmpC:\Users\Admin\AppData\Local\Temp\VI50DE.tmp102⤵
-
C:\Users\Admin\AppData\Local\Temp\VI510D.tmpC:\Users\Admin\AppData\Local\Temp\VI510D.tmp103⤵
-
C:\Users\Admin\AppData\Local\Temp\VI514B.tmpC:\Users\Admin\AppData\Local\Temp\VI514B.tmp104⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5199.tmpC:\Users\Admin\AppData\Local\Temp\VI5199.tmp105⤵
-
C:\Users\Admin\AppData\Local\Temp\VI51F7.tmpC:\Users\Admin\AppData\Local\Temp\VI51F7.tmp106⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5245.tmpC:\Users\Admin\AppData\Local\Temp\VI5245.tmp107⤵
-
C:\Users\Admin\AppData\Local\Temp\VI537D.tmpC:\Users\Admin\AppData\Local\Temp\VI537D.tmp108⤵
-
C:\Users\Admin\AppData\Local\Temp\VI53DA.tmpC:\Users\Admin\AppData\Local\Temp\VI53DA.tmp109⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5419.tmpC:\Users\Admin\AppData\Local\Temp\VI5419.tmp110⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5457.tmpC:\Users\Admin\AppData\Local\Temp\VI5457.tmp111⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5496.tmpC:\Users\Admin\AppData\Local\Temp\VI5496.tmp112⤵
-
C:\Users\Admin\AppData\Local\Temp\VI54D4.tmpC:\Users\Admin\AppData\Local\Temp\VI54D4.tmp113⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5512.tmpC:\Users\Admin\AppData\Local\Temp\VI5512.tmp114⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5560.tmpC:\Users\Admin\AppData\Local\Temp\VI5560.tmp115⤵
-
C:\Users\Admin\AppData\Local\Temp\VI55AE.tmpC:\Users\Admin\AppData\Local\Temp\VI55AE.tmp116⤵
-
C:\Users\Admin\AppData\Local\Temp\VI55FC.tmpC:\Users\Admin\AppData\Local\Temp\VI55FC.tmp117⤵
-
C:\Users\Admin\AppData\Local\Temp\VI564A.tmpC:\Users\Admin\AppData\Local\Temp\VI564A.tmp118⤵
-
C:\Users\Admin\AppData\Local\Temp\VI56A8.tmpC:\Users\Admin\AppData\Local\Temp\VI56A8.tmp119⤵
-
C:\Users\Admin\AppData\Local\Temp\VI56F6.tmpC:\Users\Admin\AppData\Local\Temp\VI56F6.tmp120⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5734.tmpC:\Users\Admin\AppData\Local\Temp\VI5734.tmp121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-