Analysis
-
max time kernel
143s -
max time network
105s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
-
submitted
15/10/2024, 01:07
General
-
Target
4513c22a2d12f54c67f84df16a930bd6_JaffaCakes118.exe
-
Size
220KB
-
MD5
4513c22a2d12f54c67f84df16a930bd6
-
SHA1
bc410ee0b166f74331ecb13a4cc8ec0bad88cc36
-
SHA256
1552015b034519d05226cb204c5034965264571c8480c0d0ef6b5a472ecbf84c
-
SHA512
e6c200e2981b9b63b35e37c90fa864f157e296e7d16340953d68c36738cb9b6542d390c2a1b9125b8cb79ff79c2b34e0d4af47b7dd3d1dc28ede1e2921a3e5a0
-
SSDEEP
384:jYxWwue/4youZfWkXiWgEiSZexdiHsd2E0S8NrjpWKV:jYx+6dWailEl0iMk6ErkA
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\4513c22a2d12f54c67f84df16a930bd6_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\4513c22a2d12f54c67f84df16a930bd6_JaffaCakes118.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7271.tmpC:\Users\Admin\AppData\Local\Temp\VI7271.tmp2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI72CE.tmpC:\Users\Admin\AppData\Local\Temp\VI72CE.tmp3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI730D.tmpC:\Users\Admin\AppData\Local\Temp\VI730D.tmp4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI735B.tmpC:\Users\Admin\AppData\Local\Temp\VI735B.tmp5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI739A.tmpC:\Users\Admin\AppData\Local\Temp\VI739A.tmp6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI73E8.tmpC:\Users\Admin\AppData\Local\Temp\VI73E8.tmp7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7436.tmpC:\Users\Admin\AppData\Local\Temp\VI7436.tmp8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7465.tmpC:\Users\Admin\AppData\Local\Temp\VI7465.tmp9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI74B3.tmpC:\Users\Admin\AppData\Local\Temp\VI74B3.tmp10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI74F1.tmpC:\Users\Admin\AppData\Local\Temp\VI74F1.tmp11⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7530.tmpC:\Users\Admin\AppData\Local\Temp\VI7530.tmp12⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI755F.tmpC:\Users\Admin\AppData\Local\Temp\VI755F.tmp13⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI759D.tmpC:\Users\Admin\AppData\Local\Temp\VI759D.tmp14⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI75EB.tmpC:\Users\Admin\AppData\Local\Temp\VI75EB.tmp15⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI762A.tmpC:\Users\Admin\AppData\Local\Temp\VI762A.tmp16⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7668.tmpC:\Users\Admin\AppData\Local\Temp\VI7668.tmp17⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI76A7.tmpC:\Users\Admin\AppData\Local\Temp\VI76A7.tmp18⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI76D6.tmpC:\Users\Admin\AppData\Local\Temp\VI76D6.tmp19⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7705.tmpC:\Users\Admin\AppData\Local\Temp\VI7705.tmp20⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7733.tmpC:\Users\Admin\AppData\Local\Temp\VI7733.tmp21⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI7772.tmpC:\Users\Admin\AppData\Local\Temp\VI7772.tmp22⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\VI77B0.tmpC:\Users\Admin\AppData\Local\Temp\VI77B0.tmp23⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI77EF.tmpC:\Users\Admin\AppData\Local\Temp\VI77EF.tmp24⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI783D.tmpC:\Users\Admin\AppData\Local\Temp\VI783D.tmp25⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI78BA.tmpC:\Users\Admin\AppData\Local\Temp\VI78BA.tmp26⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI78F9.tmpC:\Users\Admin\AppData\Local\Temp\VI78F9.tmp27⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7966.tmpC:\Users\Admin\AppData\Local\Temp\VI7966.tmp28⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI79A4.tmpC:\Users\Admin\AppData\Local\Temp\VI79A4.tmp29⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI79E3.tmpC:\Users\Admin\AppData\Local\Temp\VI79E3.tmp30⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7A31.tmpC:\Users\Admin\AppData\Local\Temp\VI7A31.tmp31⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7A70.tmpC:\Users\Admin\AppData\Local\Temp\VI7A70.tmp32⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7ACD.tmpC:\Users\Admin\AppData\Local\Temp\VI7ACD.tmp33⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7AED.tmpC:\Users\Admin\AppData\Local\Temp\VI7AED.tmp34⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7B1B.tmpC:\Users\Admin\AppData\Local\Temp\VI7B1B.tmp35⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7B5A.tmpC:\Users\Admin\AppData\Local\Temp\VI7B5A.tmp36⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7B98.tmpC:\Users\Admin\AppData\Local\Temp\VI7B98.tmp37⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7BC7.tmpC:\Users\Admin\AppData\Local\Temp\VI7BC7.tmp38⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7BF6.tmpC:\Users\Admin\AppData\Local\Temp\VI7BF6.tmp39⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7C35.tmpC:\Users\Admin\AppData\Local\Temp\VI7C35.tmp40⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7C64.tmpC:\Users\Admin\AppData\Local\Temp\VI7C64.tmp41⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7C92.tmpC:\Users\Admin\AppData\Local\Temp\VI7C92.tmp42⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7CC1.tmpC:\Users\Admin\AppData\Local\Temp\VI7CC1.tmp43⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7CF0.tmpC:\Users\Admin\AppData\Local\Temp\VI7CF0.tmp44⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7D0F.tmpC:\Users\Admin\AppData\Local\Temp\VI7D0F.tmp45⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7D2F.tmpC:\Users\Admin\AppData\Local\Temp\VI7D2F.tmp46⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7D6D.tmpC:\Users\Admin\AppData\Local\Temp\VI7D6D.tmp47⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7DBB.tmpC:\Users\Admin\AppData\Local\Temp\VI7DBB.tmp48⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7DEA.tmpC:\Users\Admin\AppData\Local\Temp\VI7DEA.tmp49⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7E19.tmpC:\Users\Admin\AppData\Local\Temp\VI7E19.tmp50⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7E48.tmpC:\Users\Admin\AppData\Local\Temp\VI7E48.tmp51⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7E77.tmpC:\Users\Admin\AppData\Local\Temp\VI7E77.tmp52⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7E96.tmpC:\Users\Admin\AppData\Local\Temp\VI7E96.tmp53⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7EC5.tmpC:\Users\Admin\AppData\Local\Temp\VI7EC5.tmp54⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7EF4.tmpC:\Users\Admin\AppData\Local\Temp\VI7EF4.tmp55⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7F23.tmpC:\Users\Admin\AppData\Local\Temp\VI7F23.tmp56⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7F52.tmpC:\Users\Admin\AppData\Local\Temp\VI7F52.tmp57⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7F80.tmpC:\Users\Admin\AppData\Local\Temp\VI7F80.tmp58⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7FCF.tmpC:\Users\Admin\AppData\Local\Temp\VI7FCF.tmp59⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI7FFD.tmpC:\Users\Admin\AppData\Local\Temp\VI7FFD.tmp60⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI803C.tmpC:\Users\Admin\AppData\Local\Temp\VI803C.tmp61⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI808A.tmpC:\Users\Admin\AppData\Local\Temp\VI808A.tmp62⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI80C9.tmpC:\Users\Admin\AppData\Local\Temp\VI80C9.tmp63⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI80F7.tmpC:\Users\Admin\AppData\Local\Temp\VI80F7.tmp64⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\VI8126.tmpC:\Users\Admin\AppData\Local\Temp\VI8126.tmp65⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\VI8155.tmpC:\Users\Admin\AppData\Local\Temp\VI8155.tmp66⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8194.tmpC:\Users\Admin\AppData\Local\Temp\VI8194.tmp67⤵
-
C:\Users\Admin\AppData\Local\Temp\VI81C3.tmpC:\Users\Admin\AppData\Local\Temp\VI81C3.tmp68⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8201.tmpC:\Users\Admin\AppData\Local\Temp\VI8201.tmp69⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8230.tmpC:\Users\Admin\AppData\Local\Temp\VI8230.tmp70⤵
-
C:\Users\Admin\AppData\Local\Temp\VI824F.tmpC:\Users\Admin\AppData\Local\Temp\VI824F.tmp71⤵
-
C:\Users\Admin\AppData\Local\Temp\VI828E.tmpC:\Users\Admin\AppData\Local\Temp\VI828E.tmp72⤵
-
C:\Users\Admin\AppData\Local\Temp\VI82AD.tmpC:\Users\Admin\AppData\Local\Temp\VI82AD.tmp73⤵
-
C:\Users\Admin\AppData\Local\Temp\VI82CC.tmpC:\Users\Admin\AppData\Local\Temp\VI82CC.tmp74⤵
-
C:\Users\Admin\AppData\Local\Temp\VI82FB.tmpC:\Users\Admin\AppData\Local\Temp\VI82FB.tmp75⤵
-
C:\Users\Admin\AppData\Local\Temp\VI832A.tmpC:\Users\Admin\AppData\Local\Temp\VI832A.tmp76⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8359.tmpC:\Users\Admin\AppData\Local\Temp\VI8359.tmp77⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8388.tmpC:\Users\Admin\AppData\Local\Temp\VI8388.tmp78⤵
-
C:\Users\Admin\AppData\Local\Temp\VI83A7.tmpC:\Users\Admin\AppData\Local\Temp\VI83A7.tmp79⤵
-
C:\Users\Admin\AppData\Local\Temp\VI83D6.tmpC:\Users\Admin\AppData\Local\Temp\VI83D6.tmp80⤵
-
C:\Users\Admin\AppData\Local\Temp\VI83F5.tmpC:\Users\Admin\AppData\Local\Temp\VI83F5.tmp81⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8434.tmpC:\Users\Admin\AppData\Local\Temp\VI8434.tmp82⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8482.tmpC:\Users\Admin\AppData\Local\Temp\VI8482.tmp83⤵
-
C:\Users\Admin\AppData\Local\Temp\VI84B1.tmpC:\Users\Admin\AppData\Local\Temp\VI84B1.tmp84⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\VI853D.tmpC:\Users\Admin\AppData\Local\Temp\VI853D.tmp85⤵
-
C:\Users\Admin\AppData\Local\Temp\VI857C.tmpC:\Users\Admin\AppData\Local\Temp\VI857C.tmp86⤵
-
C:\Users\Admin\AppData\Local\Temp\VI85AB.tmpC:\Users\Admin\AppData\Local\Temp\VI85AB.tmp87⤵
-
C:\Users\Admin\AppData\Local\Temp\VI85E9.tmpC:\Users\Admin\AppData\Local\Temp\VI85E9.tmp88⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8618.tmpC:\Users\Admin\AppData\Local\Temp\VI8618.tmp89⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8647.tmpC:\Users\Admin\AppData\Local\Temp\VI8647.tmp90⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8676.tmpC:\Users\Admin\AppData\Local\Temp\VI8676.tmp91⤵
-
C:\Users\Admin\AppData\Local\Temp\VI86B4.tmpC:\Users\Admin\AppData\Local\Temp\VI86B4.tmp92⤵
-
C:\Users\Admin\AppData\Local\Temp\VI86D3.tmpC:\Users\Admin\AppData\Local\Temp\VI86D3.tmp93⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8712.tmpC:\Users\Admin\AppData\Local\Temp\VI8712.tmp94⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8741.tmpC:\Users\Admin\AppData\Local\Temp\VI8741.tmp95⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8770.tmpC:\Users\Admin\AppData\Local\Temp\VI8770.tmp96⤵
-
C:\Users\Admin\AppData\Local\Temp\VI879F.tmpC:\Users\Admin\AppData\Local\Temp\VI879F.tmp97⤵
-
C:\Users\Admin\AppData\Local\Temp\VI87CD.tmpC:\Users\Admin\AppData\Local\Temp\VI87CD.tmp98⤵
-
C:\Users\Admin\AppData\Local\Temp\VI87FC.tmpC:\Users\Admin\AppData\Local\Temp\VI87FC.tmp99⤵
-
C:\Users\Admin\AppData\Local\Temp\VI882B.tmpC:\Users\Admin\AppData\Local\Temp\VI882B.tmp100⤵
-
C:\Users\Admin\AppData\Local\Temp\VI885A.tmpC:\Users\Admin\AppData\Local\Temp\VI885A.tmp101⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8889.tmpC:\Users\Admin\AppData\Local\Temp\VI8889.tmp102⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\VI88B8.tmpC:\Users\Admin\AppData\Local\Temp\VI88B8.tmp103⤵
-
C:\Users\Admin\AppData\Local\Temp\VI88E7.tmpC:\Users\Admin\AppData\Local\Temp\VI88E7.tmp104⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8925.tmpC:\Users\Admin\AppData\Local\Temp\VI8925.tmp105⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8954.tmpC:\Users\Admin\AppData\Local\Temp\VI8954.tmp106⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8983.tmpC:\Users\Admin\AppData\Local\Temp\VI8983.tmp107⤵
-
C:\Users\Admin\AppData\Local\Temp\VI89B2.tmpC:\Users\Admin\AppData\Local\Temp\VI89B2.tmp108⤵
-
C:\Users\Admin\AppData\Local\Temp\VI89E1.tmpC:\Users\Admin\AppData\Local\Temp\VI89E1.tmp109⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8A10.tmpC:\Users\Admin\AppData\Local\Temp\VI8A10.tmp110⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8A3E.tmpC:\Users\Admin\AppData\Local\Temp\VI8A3E.tmp111⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8A6D.tmpC:\Users\Admin\AppData\Local\Temp\VI8A6D.tmp112⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8A9C.tmpC:\Users\Admin\AppData\Local\Temp\VI8A9C.tmp113⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8ADB.tmpC:\Users\Admin\AppData\Local\Temp\VI8ADB.tmp114⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8B0A.tmpC:\Users\Admin\AppData\Local\Temp\VI8B0A.tmp115⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8B48.tmpC:\Users\Admin\AppData\Local\Temp\VI8B48.tmp116⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8B77.tmpC:\Users\Admin\AppData\Local\Temp\VI8B77.tmp117⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8BA6.tmpC:\Users\Admin\AppData\Local\Temp\VI8BA6.tmp118⤵
- System Location Discovery: System Language Discovery
-
C:\Users\Admin\AppData\Local\Temp\VI8BD5.tmpC:\Users\Admin\AppData\Local\Temp\VI8BD5.tmp119⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8C04.tmpC:\Users\Admin\AppData\Local\Temp\VI8C04.tmp120⤵
-
C:\Users\Admin\AppData\Local\Temp\VI8C42.tmpC:\Users\Admin\AppData\Local\Temp\VI8C42.tmp121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-