Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
97s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20240705-en -
resource tags
-
submitted
06/07/2024, 00:39
General
-
Target
9939f0759f4abd4856a0300e2d92cc427f877a1851f02cf311de99293f88244b.exe
-
Size
1.0MB
-
MD5
d0bcac4da3a6de1274c3803f1859f0e6
-
SHA1
e536d602aa55999c965f7b892484f80591c2a611
-
SHA256
9939f0759f4abd4856a0300e2d92cc427f877a1851f02cf311de99293f88244b
-
SHA512
f2b3a1cd9c330969a06b90e9110a43898a22810b4c4615a5f7aa08ddd2868028e1af6f349fb4f030b3ca555bba9a8b4c0edbba7593a5ec62e6a2d675d2019faa
-
SSDEEP
24576:FqOMFH5BhM6RwleQktOot0h9HyrOOfGOAY:4OMFHa6meHt0jSrOk
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\9939f0759f4abd4856a0300e2d92cc427f877a1851f02cf311de99293f88244b.exe"C:\Users\Admin\AppData\Local\Temp\9939f0759f4abd4856a0300e2d92cc427f877a1851f02cf311de99293f88244b.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5Q5YV.exe"C:\Users\Admin\AppData\Local\Temp\5Q5YV.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\A68IR.exe"C:\Users\Admin\AppData\Local\Temp\A68IR.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\BH40U.exe"C:\Users\Admin\AppData\Local\Temp\BH40U.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\885L6.exe"C:\Users\Admin\AppData\Local\Temp\885L6.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\63Q55.exe"C:\Users\Admin\AppData\Local\Temp\63Q55.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JY26X.exe"C:\Users\Admin\AppData\Local\Temp\JY26X.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\XVNWJ.exe"C:\Users\Admin\AppData\Local\Temp\XVNWJ.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\JDZV6.exe"C:\Users\Admin\AppData\Local\Temp\JDZV6.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\0LH7Q.exe"C:\Users\Admin\AppData\Local\Temp\0LH7Q.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RO5ZG.exe"C:\Users\Admin\AppData\Local\Temp\RO5ZG.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\GCE34.exe"C:\Users\Admin\AppData\Local\Temp\GCE34.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\5JHN1.exe"C:\Users\Admin\AppData\Local\Temp\5JHN1.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\D02CR.exe"C:\Users\Admin\AppData\Local\Temp\D02CR.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\609F1.exe"C:\Users\Admin\AppData\Local\Temp\609F1.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\54085.exe"C:\Users\Admin\AppData\Local\Temp\54085.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\18XQF.exe"C:\Users\Admin\AppData\Local\Temp\18XQF.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\20TFB.exe"C:\Users\Admin\AppData\Local\Temp\20TFB.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\05421.exe"C:\Users\Admin\AppData\Local\Temp\05421.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\IDR3M.exe"C:\Users\Admin\AppData\Local\Temp\IDR3M.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\Z3806.exe"C:\Users\Admin\AppData\Local\Temp\Z3806.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\9NLE7.exe"C:\Users\Admin\AppData\Local\Temp\9NLE7.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\R55A6.exe"C:\Users\Admin\AppData\Local\Temp\R55A6.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\N5DBO.exe"C:\Users\Admin\AppData\Local\Temp\N5DBO.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\9TCD8.exe"C:\Users\Admin\AppData\Local\Temp\9TCD8.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\LP426.exe"C:\Users\Admin\AppData\Local\Temp\LP426.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\R3M02.exe"C:\Users\Admin\AppData\Local\Temp\R3M02.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\4SLO7.exe"C:\Users\Admin\AppData\Local\Temp\4SLO7.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\333X9.exe"C:\Users\Admin\AppData\Local\Temp\333X9.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\KUS86.exe"C:\Users\Admin\AppData\Local\Temp\KUS86.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\HG85O.exe"C:\Users\Admin\AppData\Local\Temp\HG85O.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\C7392.exe"C:\Users\Admin\AppData\Local\Temp\C7392.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\K905K.exe"C:\Users\Admin\AppData\Local\Temp\K905K.exe"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\A8O3R.exe"C:\Users\Admin\AppData\Local\Temp\A8O3R.exe"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C1H7.exe"C:\Users\Admin\AppData\Local\Temp\5C1H7.exe"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\GZ9M6.exe"C:\Users\Admin\AppData\Local\Temp\GZ9M6.exe"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56A2T.exe"C:\Users\Admin\AppData\Local\Temp\56A2T.exe"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Z3090.exe"C:\Users\Admin\AppData\Local\Temp\Z3090.exe"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\C2TUB.exe"C:\Users\Admin\AppData\Local\Temp\C2TUB.exe"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\7VEBD.exe"C:\Users\Admin\AppData\Local\Temp\7VEBD.exe"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\Y1CV7.exe"C:\Users\Admin\AppData\Local\Temp\Y1CV7.exe"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\124G2.exe"C:\Users\Admin\AppData\Local\Temp\124G2.exe"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\U48D9.exe"C:\Users\Admin\AppData\Local\Temp\U48D9.exe"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\18XW3.exe"C:\Users\Admin\AppData\Local\Temp\18XW3.exe"44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4IQOM.exe"C:\Users\Admin\AppData\Local\Temp\4IQOM.exe"45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\YB61Q.exe"C:\Users\Admin\AppData\Local\Temp\YB61Q.exe"46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56484.exe"C:\Users\Admin\AppData\Local\Temp\56484.exe"47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\9EEJG.exe"C:\Users\Admin\AppData\Local\Temp\9EEJG.exe"48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\BP931.exe"C:\Users\Admin\AppData\Local\Temp\BP931.exe"49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\AW1S6.exe"C:\Users\Admin\AppData\Local\Temp\AW1S6.exe"50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\I6ZLA.exe"C:\Users\Admin\AppData\Local\Temp\I6ZLA.exe"51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\55KZ8.exe"C:\Users\Admin\AppData\Local\Temp\55KZ8.exe"52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\OJ9LZ.exe"C:\Users\Admin\AppData\Local\Temp\OJ9LZ.exe"53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\XO477.exe"C:\Users\Admin\AppData\Local\Temp\XO477.exe"54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\8U43D.exe"C:\Users\Admin\AppData\Local\Temp\8U43D.exe"55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\FS8PE.exe"C:\Users\Admin\AppData\Local\Temp\FS8PE.exe"56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\GX2K8.exe"C:\Users\Admin\AppData\Local\Temp\GX2K8.exe"57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\96HVN.exe"C:\Users\Admin\AppData\Local\Temp\96HVN.exe"58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\48013.exe"C:\Users\Admin\AppData\Local\Temp\48013.exe"59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4OAW5.exe"C:\Users\Admin\AppData\Local\Temp\4OAW5.exe"60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\0O5IA.exe"C:\Users\Admin\AppData\Local\Temp\0O5IA.exe"61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\X0CW0.exe"C:\Users\Admin\AppData\Local\Temp\X0CW0.exe"62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\U4053.exe"C:\Users\Admin\AppData\Local\Temp\U4053.exe"63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\909I5.exe"C:\Users\Admin\AppData\Local\Temp\909I5.exe"64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\NOE37.exe"C:\Users\Admin\AppData\Local\Temp\NOE37.exe"65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\HZ9P0.exe"C:\Users\Admin\AppData\Local\Temp\HZ9P0.exe"66⤵
-
C:\Users\Admin\AppData\Local\Temp\ZC50O.exe"C:\Users\Admin\AppData\Local\Temp\ZC50O.exe"67⤵
-
C:\Users\Admin\AppData\Local\Temp\1XD30.exe"C:\Users\Admin\AppData\Local\Temp\1XD30.exe"68⤵
-
C:\Users\Admin\AppData\Local\Temp\K570S.exe"C:\Users\Admin\AppData\Local\Temp\K570S.exe"69⤵
-
C:\Users\Admin\AppData\Local\Temp\O25FJ.exe"C:\Users\Admin\AppData\Local\Temp\O25FJ.exe"70⤵
-
C:\Users\Admin\AppData\Local\Temp\S9J58.exe"C:\Users\Admin\AppData\Local\Temp\S9J58.exe"71⤵
-
C:\Users\Admin\AppData\Local\Temp\KSLDF.exe"C:\Users\Admin\AppData\Local\Temp\KSLDF.exe"72⤵
-
C:\Users\Admin\AppData\Local\Temp\S9FN0.exe"C:\Users\Admin\AppData\Local\Temp\S9FN0.exe"73⤵
-
C:\Users\Admin\AppData\Local\Temp\LPG6I.exe"C:\Users\Admin\AppData\Local\Temp\LPG6I.exe"74⤵
-
C:\Users\Admin\AppData\Local\Temp\7E022.exe"C:\Users\Admin\AppData\Local\Temp\7E022.exe"75⤵
-
C:\Users\Admin\AppData\Local\Temp\15624.exe"C:\Users\Admin\AppData\Local\Temp\15624.exe"76⤵
-
C:\Users\Admin\AppData\Local\Temp\IHBQB.exe"C:\Users\Admin\AppData\Local\Temp\IHBQB.exe"77⤵
-
C:\Users\Admin\AppData\Local\Temp\2UKKI.exe"C:\Users\Admin\AppData\Local\Temp\2UKKI.exe"78⤵
-
C:\Users\Admin\AppData\Local\Temp\G25V7.exe"C:\Users\Admin\AppData\Local\Temp\G25V7.exe"79⤵
-
C:\Users\Admin\AppData\Local\Temp\730K2.exe"C:\Users\Admin\AppData\Local\Temp\730K2.exe"80⤵
-
C:\Users\Admin\AppData\Local\Temp\W2AC2.exe"C:\Users\Admin\AppData\Local\Temp\W2AC2.exe"81⤵
-
C:\Users\Admin\AppData\Local\Temp\H2506.exe"C:\Users\Admin\AppData\Local\Temp\H2506.exe"82⤵
-
C:\Users\Admin\AppData\Local\Temp\BS2LY.exe"C:\Users\Admin\AppData\Local\Temp\BS2LY.exe"83⤵
-
C:\Users\Admin\AppData\Local\Temp\5463A.exe"C:\Users\Admin\AppData\Local\Temp\5463A.exe"84⤵
-
C:\Users\Admin\AppData\Local\Temp\5GR05.exe"C:\Users\Admin\AppData\Local\Temp\5GR05.exe"85⤵
-
C:\Users\Admin\AppData\Local\Temp\FIV98.exe"C:\Users\Admin\AppData\Local\Temp\FIV98.exe"86⤵
-
C:\Users\Admin\AppData\Local\Temp\3BENM.exe"C:\Users\Admin\AppData\Local\Temp\3BENM.exe"87⤵
-
C:\Users\Admin\AppData\Local\Temp\993ZN.exe"C:\Users\Admin\AppData\Local\Temp\993ZN.exe"88⤵
-
C:\Users\Admin\AppData\Local\Temp\A2E04.exe"C:\Users\Admin\AppData\Local\Temp\A2E04.exe"89⤵
-
C:\Users\Admin\AppData\Local\Temp\JJDPT.exe"C:\Users\Admin\AppData\Local\Temp\JJDPT.exe"90⤵
-
C:\Users\Admin\AppData\Local\Temp\CSSG1.exe"C:\Users\Admin\AppData\Local\Temp\CSSG1.exe"91⤵
-
C:\Users\Admin\AppData\Local\Temp\8ZBIQ.exe"C:\Users\Admin\AppData\Local\Temp\8ZBIQ.exe"92⤵
-
C:\Users\Admin\AppData\Local\Temp\FCKT1.exe"C:\Users\Admin\AppData\Local\Temp\FCKT1.exe"93⤵
-
C:\Users\Admin\AppData\Local\Temp\2NG34.exe"C:\Users\Admin\AppData\Local\Temp\2NG34.exe"94⤵
-
C:\Users\Admin\AppData\Local\Temp\14702.exe"C:\Users\Admin\AppData\Local\Temp\14702.exe"95⤵
-
C:\Users\Admin\AppData\Local\Temp\21OBR.exe"C:\Users\Admin\AppData\Local\Temp\21OBR.exe"96⤵
-
C:\Users\Admin\AppData\Local\Temp\6FEU7.exe"C:\Users\Admin\AppData\Local\Temp\6FEU7.exe"97⤵
-
C:\Users\Admin\AppData\Local\Temp\05018.exe"C:\Users\Admin\AppData\Local\Temp\05018.exe"98⤵
-
C:\Users\Admin\AppData\Local\Temp\L5C7W.exe"C:\Users\Admin\AppData\Local\Temp\L5C7W.exe"99⤵
-
C:\Users\Admin\AppData\Local\Temp\32U6M.exe"C:\Users\Admin\AppData\Local\Temp\32U6M.exe"100⤵
-
C:\Users\Admin\AppData\Local\Temp\HT075.exe"C:\Users\Admin\AppData\Local\Temp\HT075.exe"101⤵
-
C:\Users\Admin\AppData\Local\Temp\G3Z4Z.exe"C:\Users\Admin\AppData\Local\Temp\G3Z4Z.exe"102⤵
-
C:\Users\Admin\AppData\Local\Temp\H2BGS.exe"C:\Users\Admin\AppData\Local\Temp\H2BGS.exe"103⤵
-
C:\Users\Admin\AppData\Local\Temp\9IYY2.exe"C:\Users\Admin\AppData\Local\Temp\9IYY2.exe"104⤵
-
C:\Users\Admin\AppData\Local\Temp\D913N.exe"C:\Users\Admin\AppData\Local\Temp\D913N.exe"105⤵
-
C:\Users\Admin\AppData\Local\Temp\YJE63.exe"C:\Users\Admin\AppData\Local\Temp\YJE63.exe"106⤵
-
C:\Users\Admin\AppData\Local\Temp\V072A.exe"C:\Users\Admin\AppData\Local\Temp\V072A.exe"107⤵
-
C:\Users\Admin\AppData\Local\Temp\4I199.exe"C:\Users\Admin\AppData\Local\Temp\4I199.exe"108⤵
-
C:\Users\Admin\AppData\Local\Temp\8H8HN.exe"C:\Users\Admin\AppData\Local\Temp\8H8HN.exe"109⤵
-
C:\Users\Admin\AppData\Local\Temp\Z856Z.exe"C:\Users\Admin\AppData\Local\Temp\Z856Z.exe"110⤵
-
C:\Users\Admin\AppData\Local\Temp\X5Q0B.exe"C:\Users\Admin\AppData\Local\Temp\X5Q0B.exe"111⤵
-
C:\Users\Admin\AppData\Local\Temp\7SIM0.exe"C:\Users\Admin\AppData\Local\Temp\7SIM0.exe"112⤵
-
C:\Users\Admin\AppData\Local\Temp\FATJ2.exe"C:\Users\Admin\AppData\Local\Temp\FATJ2.exe"113⤵
-
C:\Users\Admin\AppData\Local\Temp\0BP40.exe"C:\Users\Admin\AppData\Local\Temp\0BP40.exe"114⤵
-
C:\Users\Admin\AppData\Local\Temp\T6F2N.exe"C:\Users\Admin\AppData\Local\Temp\T6F2N.exe"115⤵
-
C:\Users\Admin\AppData\Local\Temp\17BPJ.exe"C:\Users\Admin\AppData\Local\Temp\17BPJ.exe"116⤵
-
C:\Users\Admin\AppData\Local\Temp\A8S95.exe"C:\Users\Admin\AppData\Local\Temp\A8S95.exe"117⤵
-
C:\Users\Admin\AppData\Local\Temp\5PD29.exe"C:\Users\Admin\AppData\Local\Temp\5PD29.exe"118⤵
-
C:\Users\Admin\AppData\Local\Temp\USME2.exe"C:\Users\Admin\AppData\Local\Temp\USME2.exe"119⤵
-
C:\Users\Admin\AppData\Local\Temp\92L2Q.exe"C:\Users\Admin\AppData\Local\Temp\92L2Q.exe"120⤵
-
C:\Users\Admin\AppData\Local\Temp\R1185.exe"C:\Users\Admin\AppData\Local\Temp\R1185.exe"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-