Analysis
-
max time kernel
142s -
max time network
123s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
10/07/2024, 20:37
General
-
Target
36493a4522ce937a0e3232d2d9765b4e_JaffaCakes118.exe
-
Size
59KB
-
MD5
36493a4522ce937a0e3232d2d9765b4e
-
SHA1
56d5cfc8c020a6dd39926f6c0806b96c8e0a262f
-
SHA256
2d07afed31f5d8febc3cbcdd406f101f5230bc0bbe6f60ff28b3a63b617e8a8e
-
SHA512
7930ca6144517fdd032bf09d1a321eb0bc798df8776404c6772f8062afa56929e84a558c73bdc3408b3d4bb478266b628efc161c0be7cd524dc75adcc70971e1
-
SSDEEP
384:jYxWwue/4youZfWkXiWgEiSZexdiHsd2E0S8NrjpWKV:jYx+6dWailEl0iMk6ErkA
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\36493a4522ce937a0e3232d2d9765b4e_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\36493a4522ce937a0e3232d2d9765b4e_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI90B7.tmpC:\Users\Admin\AppData\Local\Temp\VI90B7.tmp2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI90E6.tmpC:\Users\Admin\AppData\Local\Temp\VI90E6.tmp3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9114.tmpC:\Users\Admin\AppData\Local\Temp\VI9114.tmp4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9134.tmpC:\Users\Admin\AppData\Local\Temp\VI9134.tmp5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9172.tmpC:\Users\Admin\AppData\Local\Temp\VI9172.tmp6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI91A1.tmpC:\Users\Admin\AppData\Local\Temp\VI91A1.tmp7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI91D0.tmpC:\Users\Admin\AppData\Local\Temp\VI91D0.tmp8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI920E.tmpC:\Users\Admin\AppData\Local\Temp\VI920E.tmp9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI924D.tmpC:\Users\Admin\AppData\Local\Temp\VI924D.tmp10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI928B.tmpC:\Users\Admin\AppData\Local\Temp\VI928B.tmp11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI92BA.tmpC:\Users\Admin\AppData\Local\Temp\VI92BA.tmp12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9308.tmpC:\Users\Admin\AppData\Local\Temp\VI9308.tmp13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9347.tmpC:\Users\Admin\AppData\Local\Temp\VI9347.tmp14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9376.tmpC:\Users\Admin\AppData\Local\Temp\VI9376.tmp15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI93A5.tmpC:\Users\Admin\AppData\Local\Temp\VI93A5.tmp16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI93C4.tmpC:\Users\Admin\AppData\Local\Temp\VI93C4.tmp17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI93F3.tmpC:\Users\Admin\AppData\Local\Temp\VI93F3.tmp18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9422.tmpC:\Users\Admin\AppData\Local\Temp\VI9422.tmp19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI9451.tmpC:\Users\Admin\AppData\Local\Temp\VI9451.tmp20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI947F.tmpC:\Users\Admin\AppData\Local\Temp\VI947F.tmp21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI94AE.tmpC:\Users\Admin\AppData\Local\Temp\VI94AE.tmp22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI94CE.tmpC:\Users\Admin\AppData\Local\Temp\VI94CE.tmp23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI94FC.tmpC:\Users\Admin\AppData\Local\Temp\VI94FC.tmp24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI952B.tmpC:\Users\Admin\AppData\Local\Temp\VI952B.tmp25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI956A.tmpC:\Users\Admin\AppData\Local\Temp\VI956A.tmp26⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9589.tmpC:\Users\Admin\AppData\Local\Temp\VI9589.tmp27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI95B8.tmpC:\Users\Admin\AppData\Local\Temp\VI95B8.tmp28⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI95D7.tmpC:\Users\Admin\AppData\Local\Temp\VI95D7.tmp29⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9606.tmpC:\Users\Admin\AppData\Local\Temp\VI9606.tmp30⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9635.tmpC:\Users\Admin\AppData\Local\Temp\VI9635.tmp31⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9654.tmpC:\Users\Admin\AppData\Local\Temp\VI9654.tmp32⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9683.tmpC:\Users\Admin\AppData\Local\Temp\VI9683.tmp33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI96B2.tmpC:\Users\Admin\AppData\Local\Temp\VI96B2.tmp34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI96E1.tmpC:\Users\Admin\AppData\Local\Temp\VI96E1.tmp35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9700.tmpC:\Users\Admin\AppData\Local\Temp\VI9700.tmp36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI972F.tmpC:\Users\Admin\AppData\Local\Temp\VI972F.tmp37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI975E.tmpC:\Users\Admin\AppData\Local\Temp\VI975E.tmp38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI978D.tmpC:\Users\Admin\AppData\Local\Temp\VI978D.tmp39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI97BC.tmpC:\Users\Admin\AppData\Local\Temp\VI97BC.tmp40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI97DB.tmpC:\Users\Admin\AppData\Local\Temp\VI97DB.tmp41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI97FA.tmpC:\Users\Admin\AppData\Local\Temp\VI97FA.tmp42⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9819.tmpC:\Users\Admin\AppData\Local\Temp\VI9819.tmp43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9848.tmpC:\Users\Admin\AppData\Local\Temp\VI9848.tmp44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9877.tmpC:\Users\Admin\AppData\Local\Temp\VI9877.tmp45⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI98A6.tmpC:\Users\Admin\AppData\Local\Temp\VI98A6.tmp46⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI98C5.tmpC:\Users\Admin\AppData\Local\Temp\VI98C5.tmp47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI98E4.tmpC:\Users\Admin\AppData\Local\Temp\VI98E4.tmp48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9913.tmpC:\Users\Admin\AppData\Local\Temp\VI9913.tmp49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9933.tmpC:\Users\Admin\AppData\Local\Temp\VI9933.tmp50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9961.tmpC:\Users\Admin\AppData\Local\Temp\VI9961.tmp51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9981.tmpC:\Users\Admin\AppData\Local\Temp\VI9981.tmp52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI99B0.tmpC:\Users\Admin\AppData\Local\Temp\VI99B0.tmp53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI99CF.tmpC:\Users\Admin\AppData\Local\Temp\VI99CF.tmp54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9AD8.tmpC:\Users\Admin\AppData\Local\Temp\VI9AD8.tmp55⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9B07.tmpC:\Users\Admin\AppData\Local\Temp\VI9B07.tmp56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9B27.tmpC:\Users\Admin\AppData\Local\Temp\VI9B27.tmp57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9B46.tmpC:\Users\Admin\AppData\Local\Temp\VI9B46.tmp58⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9B94.tmpC:\Users\Admin\AppData\Local\Temp\VI9B94.tmp59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9BB3.tmpC:\Users\Admin\AppData\Local\Temp\VI9BB3.tmp60⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9BE2.tmpC:\Users\Admin\AppData\Local\Temp\VI9BE2.tmp61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9C11.tmpC:\Users\Admin\AppData\Local\Temp\VI9C11.tmp62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9C40.tmpC:\Users\Admin\AppData\Local\Temp\VI9C40.tmp63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9C6F.tmpC:\Users\Admin\AppData\Local\Temp\VI9C6F.tmp64⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI9C9E.tmpC:\Users\Admin\AppData\Local\Temp\VI9C9E.tmp65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VI9CCC.tmpC:\Users\Admin\AppData\Local\Temp\VI9CCC.tmp66⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9CFB.tmpC:\Users\Admin\AppData\Local\Temp\VI9CFB.tmp67⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9D1B.tmpC:\Users\Admin\AppData\Local\Temp\VI9D1B.tmp68⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9D59.tmpC:\Users\Admin\AppData\Local\Temp\VI9D59.tmp69⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9D78.tmpC:\Users\Admin\AppData\Local\Temp\VI9D78.tmp70⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9DA7.tmpC:\Users\Admin\AppData\Local\Temp\VI9DA7.tmp71⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9DD6.tmpC:\Users\Admin\AppData\Local\Temp\VI9DD6.tmp72⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9E05.tmpC:\Users\Admin\AppData\Local\Temp\VI9E05.tmp73⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9E34.tmpC:\Users\Admin\AppData\Local\Temp\VI9E34.tmp74⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9E53.tmpC:\Users\Admin\AppData\Local\Temp\VI9E53.tmp75⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9E82.tmpC:\Users\Admin\AppData\Local\Temp\VI9E82.tmp76⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9EC0.tmpC:\Users\Admin\AppData\Local\Temp\VI9EC0.tmp77⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9EFF.tmpC:\Users\Admin\AppData\Local\Temp\VI9EFF.tmp78⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9F3D.tmpC:\Users\Admin\AppData\Local\Temp\VI9F3D.tmp79⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9F6C.tmpC:\Users\Admin\AppData\Local\Temp\VI9F6C.tmp80⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9F9B.tmpC:\Users\Admin\AppData\Local\Temp\VI9F9B.tmp81⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9FCA.tmpC:\Users\Admin\AppData\Local\Temp\VI9FCA.tmp82⤵
-
C:\Users\Admin\AppData\Local\Temp\VI9FF9.tmpC:\Users\Admin\AppData\Local\Temp\VI9FF9.tmp83⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA028.tmpC:\Users\Admin\AppData\Local\Temp\VIA028.tmp84⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA047.tmpC:\Users\Admin\AppData\Local\Temp\VIA047.tmp85⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA076.tmpC:\Users\Admin\AppData\Local\Temp\VIA076.tmp86⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA0A5.tmpC:\Users\Admin\AppData\Local\Temp\VIA0A5.tmp87⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA0D4.tmpC:\Users\Admin\AppData\Local\Temp\VIA0D4.tmp88⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA103.tmpC:\Users\Admin\AppData\Local\Temp\VIA103.tmp89⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA122.tmpC:\Users\Admin\AppData\Local\Temp\VIA122.tmp90⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA160.tmpC:\Users\Admin\AppData\Local\Temp\VIA160.tmp91⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA18F.tmpC:\Users\Admin\AppData\Local\Temp\VIA18F.tmp92⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA1BE.tmpC:\Users\Admin\AppData\Local\Temp\VIA1BE.tmp93⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA1ED.tmpC:\Users\Admin\AppData\Local\Temp\VIA1ED.tmp94⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA21C.tmpC:\Users\Admin\AppData\Local\Temp\VIA21C.tmp95⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA24B.tmpC:\Users\Admin\AppData\Local\Temp\VIA24B.tmp96⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA289.tmpC:\Users\Admin\AppData\Local\Temp\VIA289.tmp97⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA2A8.tmpC:\Users\Admin\AppData\Local\Temp\VIA2A8.tmp98⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA2D7.tmpC:\Users\Admin\AppData\Local\Temp\VIA2D7.tmp99⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA316.tmpC:\Users\Admin\AppData\Local\Temp\VIA316.tmp100⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA345.tmpC:\Users\Admin\AppData\Local\Temp\VIA345.tmp101⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA364.tmpC:\Users\Admin\AppData\Local\Temp\VIA364.tmp102⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA393.tmpC:\Users\Admin\AppData\Local\Temp\VIA393.tmp103⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA3C2.tmpC:\Users\Admin\AppData\Local\Temp\VIA3C2.tmp104⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA3F1.tmpC:\Users\Admin\AppData\Local\Temp\VIA3F1.tmp105⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA41F.tmpC:\Users\Admin\AppData\Local\Temp\VIA41F.tmp106⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA44E.tmpC:\Users\Admin\AppData\Local\Temp\VIA44E.tmp107⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA47D.tmpC:\Users\Admin\AppData\Local\Temp\VIA47D.tmp108⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA4AC.tmpC:\Users\Admin\AppData\Local\Temp\VIA4AC.tmp109⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA4DB.tmpC:\Users\Admin\AppData\Local\Temp\VIA4DB.tmp110⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA50A.tmpC:\Users\Admin\AppData\Local\Temp\VIA50A.tmp111⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA539.tmpC:\Users\Admin\AppData\Local\Temp\VIA539.tmp112⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA568.tmpC:\Users\Admin\AppData\Local\Temp\VIA568.tmp113⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA596.tmpC:\Users\Admin\AppData\Local\Temp\VIA596.tmp114⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA5C5.tmpC:\Users\Admin\AppData\Local\Temp\VIA5C5.tmp115⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA604.tmpC:\Users\Admin\AppData\Local\Temp\VIA604.tmp116⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA633.tmpC:\Users\Admin\AppData\Local\Temp\VIA633.tmp117⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA652.tmpC:\Users\Admin\AppData\Local\Temp\VIA652.tmp118⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA681.tmpC:\Users\Admin\AppData\Local\Temp\VIA681.tmp119⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA6B0.tmpC:\Users\Admin\AppData\Local\Temp\VIA6B0.tmp120⤵
-
C:\Users\Admin\AppData\Local\Temp\VIA6DF.tmpC:\Users\Admin\AppData\Local\Temp\VIA6DF.tmp121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-