Analysis
-
max time kernel
148s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
29-03-2024 15:26
General
-
Target
25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe
-
Size
351KB
-
MD5
25941a832d7f008e2269b13d5fa35a89
-
SHA1
69afc975de66d7cce925cac2af448833c8f4c343
-
SHA256
17c09eeabb674a0de1a1616892c02560b9a420170159d1e42bbb272f95ed691d
-
SHA512
9d0154f60aac19d9c812ebf66067d81017c9f8deaec17e62000db7c68b0f8fcc537f33da704f8a14877853f08fe50d627217fcdb806877fb86229ee3599512cd
-
SSDEEP
384:jYxWwue/4youZfWkXiWgEiSZexdiHsd2E0S8NrjpWKV:jYx+6dWailEl0iMk6ErkA
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\25941a832d7f008e2269b13d5fa35a89_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI445C.tmpC:\Users\Admin\AppData\Local\Temp\VI445C.tmp2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI44AA.tmpC:\Users\Admin\AppData\Local\Temp\VI44AA.tmp3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4527.tmpC:\Users\Admin\AppData\Local\Temp\VI4527.tmp4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI45A4.tmpC:\Users\Admin\AppData\Local\Temp\VI45A4.tmp5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4631.tmpC:\Users\Admin\AppData\Local\Temp\VI4631.tmp6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI469E.tmpC:\Users\Admin\AppData\Local\Temp\VI469E.tmp7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI471B.tmpC:\Users\Admin\AppData\Local\Temp\VI471B.tmp8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4769.tmpC:\Users\Admin\AppData\Local\Temp\VI4769.tmp9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI47D6.tmpC:\Users\Admin\AppData\Local\Temp\VI47D6.tmp10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4844.tmpC:\Users\Admin\AppData\Local\Temp\VI4844.tmp11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4892.tmpC:\Users\Admin\AppData\Local\Temp\VI4892.tmp12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI491F.tmpC:\Users\Admin\AppData\Local\Temp\VI491F.tmp13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI499C.tmpC:\Users\Admin\AppData\Local\Temp\VI499C.tmp14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI49F9.tmpC:\Users\Admin\AppData\Local\Temp\VI49F9.tmp15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4A96.tmpC:\Users\Admin\AppData\Local\Temp\VI4A96.tmp16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4B22.tmpC:\Users\Admin\AppData\Local\Temp\VI4B22.tmp17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4B80.tmpC:\Users\Admin\AppData\Local\Temp\VI4B80.tmp18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4C1C.tmpC:\Users\Admin\AppData\Local\Temp\VI4C1C.tmp19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4C99.tmpC:\Users\Admin\AppData\Local\Temp\VI4C99.tmp20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4D07.tmpC:\Users\Admin\AppData\Local\Temp\VI4D07.tmp21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4D64.tmpC:\Users\Admin\AppData\Local\Temp\VI4D64.tmp22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI4DE1.tmpC:\Users\Admin\AppData\Local\Temp\VI4DE1.tmp23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4E3F.tmpC:\Users\Admin\AppData\Local\Temp\VI4E3F.tmp24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4EBC.tmpC:\Users\Admin\AppData\Local\Temp\VI4EBC.tmp25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4F1A.tmpC:\Users\Admin\AppData\Local\Temp\VI4F1A.tmp26⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI4FB6.tmpC:\Users\Admin\AppData\Local\Temp\VI4FB6.tmp27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5023.tmpC:\Users\Admin\AppData\Local\Temp\VI5023.tmp28⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5091.tmpC:\Users\Admin\AppData\Local\Temp\VI5091.tmp29⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI50EF.tmpC:\Users\Admin\AppData\Local\Temp\VI50EF.tmp30⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI514C.tmpC:\Users\Admin\AppData\Local\Temp\VI514C.tmp31⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI51D9.tmpC:\Users\Admin\AppData\Local\Temp\VI51D9.tmp32⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5246.tmpC:\Users\Admin\AppData\Local\Temp\VI5246.tmp33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5294.tmpC:\Users\Admin\AppData\Local\Temp\VI5294.tmp34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI52C3.tmpC:\Users\Admin\AppData\Local\Temp\VI52C3.tmp35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5311.tmpC:\Users\Admin\AppData\Local\Temp\VI5311.tmp36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5360.tmpC:\Users\Admin\AppData\Local\Temp\VI5360.tmp37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI539E.tmpC:\Users\Admin\AppData\Local\Temp\VI539E.tmp38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI53EC.tmpC:\Users\Admin\AppData\Local\Temp\VI53EC.tmp39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI544A.tmpC:\Users\Admin\AppData\Local\Temp\VI544A.tmp40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5479.tmpC:\Users\Admin\AppData\Local\Temp\VI5479.tmp41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI54B7.tmpC:\Users\Admin\AppData\Local\Temp\VI54B7.tmp42⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI54E6.tmpC:\Users\Admin\AppData\Local\Temp\VI54E6.tmp43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5515.tmpC:\Users\Admin\AppData\Local\Temp\VI5515.tmp44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5544.tmpC:\Users\Admin\AppData\Local\Temp\VI5544.tmp45⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5563.tmpC:\Users\Admin\AppData\Local\Temp\VI5563.tmp46⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI55A2.tmpC:\Users\Admin\AppData\Local\Temp\VI55A2.tmp47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI55C1.tmpC:\Users\Admin\AppData\Local\Temp\VI55C1.tmp48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI55F0.tmpC:\Users\Admin\AppData\Local\Temp\VI55F0.tmp49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI561F.tmpC:\Users\Admin\AppData\Local\Temp\VI561F.tmp50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI565D.tmpC:\Users\Admin\AppData\Local\Temp\VI565D.tmp51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI569C.tmpC:\Users\Admin\AppData\Local\Temp\VI569C.tmp52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5709.tmpC:\Users\Admin\AppData\Local\Temp\VI5709.tmp53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5738.tmpC:\Users\Admin\AppData\Local\Temp\VI5738.tmp54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI57A5.tmpC:\Users\Admin\AppData\Local\Temp\VI57A5.tmp55⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5803.tmpC:\Users\Admin\AppData\Local\Temp\VI5803.tmp56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5832.tmpC:\Users\Admin\AppData\Local\Temp\VI5832.tmp57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5880.tmpC:\Users\Admin\AppData\Local\Temp\VI5880.tmp58⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI589F.tmpC:\Users\Admin\AppData\Local\Temp\VI589F.tmp59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI58DE.tmpC:\Users\Admin\AppData\Local\Temp\VI58DE.tmp60⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI591C.tmpC:\Users\Admin\AppData\Local\Temp\VI591C.tmp61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI595B.tmpC:\Users\Admin\AppData\Local\Temp\VI595B.tmp62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5999.tmpC:\Users\Admin\AppData\Local\Temp\VI5999.tmp63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI59C8.tmpC:\Users\Admin\AppData\Local\Temp\VI59C8.tmp64⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI5A07.tmpC:\Users\Admin\AppData\Local\Temp\VI5A07.tmp65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VI5A45.tmpC:\Users\Admin\AppData\Local\Temp\VI5A45.tmp66⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5A74.tmpC:\Users\Admin\AppData\Local\Temp\VI5A74.tmp67⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5AA3.tmpC:\Users\Admin\AppData\Local\Temp\VI5AA3.tmp68⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5AE1.tmpC:\Users\Admin\AppData\Local\Temp\VI5AE1.tmp69⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5B10.tmpC:\Users\Admin\AppData\Local\Temp\VI5B10.tmp70⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5B3F.tmpC:\Users\Admin\AppData\Local\Temp\VI5B3F.tmp71⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5B7E.tmpC:\Users\Admin\AppData\Local\Temp\VI5B7E.tmp72⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5B9D.tmpC:\Users\Admin\AppData\Local\Temp\VI5B9D.tmp73⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5BEB.tmpC:\Users\Admin\AppData\Local\Temp\VI5BEB.tmp74⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5C1A.tmpC:\Users\Admin\AppData\Local\Temp\VI5C1A.tmp75⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5C58.tmpC:\Users\Admin\AppData\Local\Temp\VI5C58.tmp76⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5CA7.tmpC:\Users\Admin\AppData\Local\Temp\VI5CA7.tmp77⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5CE5.tmpC:\Users\Admin\AppData\Local\Temp\VI5CE5.tmp78⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5D14.tmpC:\Users\Admin\AppData\Local\Temp\VI5D14.tmp79⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5D43.tmpC:\Users\Admin\AppData\Local\Temp\VI5D43.tmp80⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5D81.tmpC:\Users\Admin\AppData\Local\Temp\VI5D81.tmp81⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5DA1.tmpC:\Users\Admin\AppData\Local\Temp\VI5DA1.tmp82⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5DCF.tmpC:\Users\Admin\AppData\Local\Temp\VI5DCF.tmp83⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5E0E.tmpC:\Users\Admin\AppData\Local\Temp\VI5E0E.tmp84⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5E4C.tmpC:\Users\Admin\AppData\Local\Temp\VI5E4C.tmp85⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5E7B.tmpC:\Users\Admin\AppData\Local\Temp\VI5E7B.tmp86⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5EBA.tmpC:\Users\Admin\AppData\Local\Temp\VI5EBA.tmp87⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5EE9.tmpC:\Users\Admin\AppData\Local\Temp\VI5EE9.tmp88⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5F27.tmpC:\Users\Admin\AppData\Local\Temp\VI5F27.tmp89⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5F46.tmpC:\Users\Admin\AppData\Local\Temp\VI5F46.tmp90⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5F85.tmpC:\Users\Admin\AppData\Local\Temp\VI5F85.tmp91⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5FB4.tmpC:\Users\Admin\AppData\Local\Temp\VI5FB4.tmp92⤵
-
C:\Users\Admin\AppData\Local\Temp\VI5FF2.tmpC:\Users\Admin\AppData\Local\Temp\VI5FF2.tmp93⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6021.tmpC:\Users\Admin\AppData\Local\Temp\VI6021.tmp94⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6050.tmpC:\Users\Admin\AppData\Local\Temp\VI6050.tmp95⤵
-
C:\Users\Admin\AppData\Local\Temp\VI608F.tmpC:\Users\Admin\AppData\Local\Temp\VI608F.tmp96⤵
-
C:\Users\Admin\AppData\Local\Temp\VI60CD.tmpC:\Users\Admin\AppData\Local\Temp\VI60CD.tmp97⤵
-
C:\Users\Admin\AppData\Local\Temp\VI60FC.tmpC:\Users\Admin\AppData\Local\Temp\VI60FC.tmp98⤵
-
C:\Users\Admin\AppData\Local\Temp\VI612B.tmpC:\Users\Admin\AppData\Local\Temp\VI612B.tmp99⤵
-
C:\Users\Admin\AppData\Local\Temp\VI615A.tmpC:\Users\Admin\AppData\Local\Temp\VI615A.tmp100⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6189.tmpC:\Users\Admin\AppData\Local\Temp\VI6189.tmp101⤵
-
C:\Users\Admin\AppData\Local\Temp\VI61B7.tmpC:\Users\Admin\AppData\Local\Temp\VI61B7.tmp102⤵
-
C:\Users\Admin\AppData\Local\Temp\VI61E6.tmpC:\Users\Admin\AppData\Local\Temp\VI61E6.tmp103⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6215.tmpC:\Users\Admin\AppData\Local\Temp\VI6215.tmp104⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6254.tmpC:\Users\Admin\AppData\Local\Temp\VI6254.tmp105⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6283.tmpC:\Users\Admin\AppData\Local\Temp\VI6283.tmp106⤵
-
C:\Users\Admin\AppData\Local\Temp\VI62B1.tmpC:\Users\Admin\AppData\Local\Temp\VI62B1.tmp107⤵
-
C:\Users\Admin\AppData\Local\Temp\VI62E0.tmpC:\Users\Admin\AppData\Local\Temp\VI62E0.tmp108⤵
-
C:\Users\Admin\AppData\Local\Temp\VI630F.tmpC:\Users\Admin\AppData\Local\Temp\VI630F.tmp109⤵
-
C:\Users\Admin\AppData\Local\Temp\VI634E.tmpC:\Users\Admin\AppData\Local\Temp\VI634E.tmp110⤵
-
C:\Users\Admin\AppData\Local\Temp\VI637D.tmpC:\Users\Admin\AppData\Local\Temp\VI637D.tmp111⤵
-
C:\Users\Admin\AppData\Local\Temp\VI63AB.tmpC:\Users\Admin\AppData\Local\Temp\VI63AB.tmp112⤵
-
C:\Users\Admin\AppData\Local\Temp\VI63EA.tmpC:\Users\Admin\AppData\Local\Temp\VI63EA.tmp113⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6428.tmpC:\Users\Admin\AppData\Local\Temp\VI6428.tmp114⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6457.tmpC:\Users\Admin\AppData\Local\Temp\VI6457.tmp115⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6496.tmpC:\Users\Admin\AppData\Local\Temp\VI6496.tmp116⤵
-
C:\Users\Admin\AppData\Local\Temp\VI64C5.tmpC:\Users\Admin\AppData\Local\Temp\VI64C5.tmp117⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6503.tmpC:\Users\Admin\AppData\Local\Temp\VI6503.tmp118⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6542.tmpC:\Users\Admin\AppData\Local\Temp\VI6542.tmp119⤵
-
C:\Users\Admin\AppData\Local\Temp\VI6571.tmpC:\Users\Admin\AppData\Local\Temp\VI6571.tmp120⤵
-
C:\Users\Admin\AppData\Local\Temp\VI65AF.tmpC:\Users\Admin\AppData\Local\Temp\VI65AF.tmp121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-