Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
150s -
max time network
98s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
19/09/2024, 16:59
General
-
Target
ebca9fa879db0393656dcab8b157f83b_JaffaCakes118.exe
-
Size
168KB
-
MD5
ebca9fa879db0393656dcab8b157f83b
-
SHA1
6ec35c95e835f5aabd52b4ff9c61cce2c55cb1b8
-
SHA256
323418a8f2b9a75fcafe1d3173a338c881f6c97db760cf33c8e223fcf67eaf07
-
SHA512
5be7f9fc0c79637f2f88a1c428567eab6c5f8c416a0c98a3eb07f969b5939de7aa1e28f7f99ab4d3a4f7f8f2f66fac5228d89595d235b414bc710abf96eda34b
-
SSDEEP
3072:n4LqsDP/vfP/vfP/I4oYII9IX7IrX5kMEdQvfbzizb7j7rOizodjoeyZGpmS2aWS:IrXa3QLib37rOizaGZsmS2bqg6L
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
VMProtect packed file 3 IoCs
Detects executables packed with VMProtect commercial packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ebca9fa879db0393656dcab8b157f83b_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\ebca9fa879db0393656dcab8b157f83b_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE41⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE44⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE45⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE46⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE47⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE48⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE49⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE50⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE51⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE52⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE53⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE54⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE55⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE56⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE57⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE58⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE59⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE60⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE61⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE62⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE63⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE64⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE66⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE67⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE68⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE69⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE70⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE71⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE72⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE73⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE74⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE75⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE76⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE77⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE78⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE79⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE80⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE81⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE82⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE83⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE84⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE85⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE86⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE87⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE88⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE89⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE90⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE91⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE92⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE93⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE94⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE95⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE96⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE97⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE98⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE99⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE100⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE101⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE102⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE103⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE104⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE105⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE106⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE107⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE108⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE109⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE110⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE111⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE112⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE113⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE114⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE115⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE116⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE117⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE118⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE119⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE120⤵
-
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXEC:\Users\Admin\AppData\Local\Temp\IXP000.TMP\¸´¼þ1~1.EXE121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-