Analysis
-
max time kernel
150s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
-
submitted
18/01/2024, 23:11
General
-
Target
2024-01-18_a5f95038b51dc9adba9aeb47dac5d133_mafia.exe
-
Size
486KB
-
MD5
a5f95038b51dc9adba9aeb47dac5d133
-
SHA1
e5ee9a4c3cff5cf14838fd7efc3f5403432ad991
-
SHA256
a8ea778350cf763851756351301e355344816a329c25888cafc3d45e6b20a35a
-
SHA512
b57bd28c711cb9d879b61fa5657e8305d9c9a65d56f6be71d2895d257608f2dc7f792a87c382dce077c506ab66ae0126ade1ef9e0cb5e8dd8e94737f58abd07c
-
SSDEEP
6144:Sorf3lPvovsgZnqG2C7mOTeiLfD7KJBkuKCLnWDG/x24p5Qt/FIpAkUjuxnZN0E4:/U5rCOTeiDKvxrSgekg+ZN0E2NZ
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-01-18_a5f95038b51dc9adba9aeb47dac5d133_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-01-18_a5f95038b51dc9adba9aeb47dac5d133_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4631.tmp"C:\Users\Admin\AppData\Local\Temp\4631.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\46AE.tmp"C:\Users\Admin\AppData\Local\Temp\46AE.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\472B.tmp"C:\Users\Admin\AppData\Local\Temp\472B.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4779.tmp"C:\Users\Admin\AppData\Local\Temp\4779.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\47D6.tmp"C:\Users\Admin\AppData\Local\Temp\47D6.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4844.tmp"C:\Users\Admin\AppData\Local\Temp\4844.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4892.tmp"C:\Users\Admin\AppData\Local\Temp\4892.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\48F0.tmp"C:\Users\Admin\AppData\Local\Temp\48F0.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\493E.tmp"C:\Users\Admin\AppData\Local\Temp\493E.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\498C.tmp"C:\Users\Admin\AppData\Local\Temp\498C.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\49EA.tmp"C:\Users\Admin\AppData\Local\Temp\49EA.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A38.tmp"C:\Users\Admin\AppData\Local\Temp\4A38.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4A86.tmp"C:\Users\Admin\AppData\Local\Temp\4A86.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4AF3.tmp"C:\Users\Admin\AppData\Local\Temp\4AF3.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B41.tmp"C:\Users\Admin\AppData\Local\Temp\4B41.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4B9F.tmp"C:\Users\Admin\AppData\Local\Temp\4B9F.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4BED.tmp"C:\Users\Admin\AppData\Local\Temp\4BED.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C4B.tmp"C:\Users\Admin\AppData\Local\Temp\4C4B.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4C99.tmp"C:\Users\Admin\AppData\Local\Temp\4C99.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D16.tmp"C:\Users\Admin\AppData\Local\Temp\4D16.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\4D64.tmp"C:\Users\Admin\AppData\Local\Temp\4D64.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\4DB2.tmp"C:\Users\Admin\AppData\Local\Temp\4DB2.tmp"1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E10.tmp"C:\Users\Admin\AppData\Local\Temp\4E10.tmp"2⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4E7E.tmp"C:\Users\Admin\AppData\Local\Temp\4E7E.tmp"3⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"C:\Users\Admin\AppData\Local\Temp\4EDB.tmp"4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\4F29.tmp"C:\Users\Admin\AppData\Local\Temp\4F29.tmp"5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\51C9.tmp"C:\Users\Admin\AppData\Local\Temp\51C9.tmp"6⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5246.tmp"C:\Users\Admin\AppData\Local\Temp\5246.tmp"7⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5294.tmp"C:\Users\Admin\AppData\Local\Temp\5294.tmp"8⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\52F2.tmp"C:\Users\Admin\AppData\Local\Temp\52F2.tmp"9⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5350.tmp"C:\Users\Admin\AppData\Local\Temp\5350.tmp"10⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\53AE.tmp"C:\Users\Admin\AppData\Local\Temp\53AE.tmp"11⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\53FC.tmp"C:\Users\Admin\AppData\Local\Temp\53FC.tmp"12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\544A.tmp"C:\Users\Admin\AppData\Local\Temp\544A.tmp"13⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\54F6.tmp"C:\Users\Admin\AppData\Local\Temp\54F6.tmp"14⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5544.tmp"C:\Users\Admin\AppData\Local\Temp\5544.tmp"15⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5592.tmp"C:\Users\Admin\AppData\Local\Temp\5592.tmp"16⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\55E0.tmp"C:\Users\Admin\AppData\Local\Temp\55E0.tmp"17⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\562E.tmp"C:\Users\Admin\AppData\Local\Temp\562E.tmp"18⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\568C.tmp"C:\Users\Admin\AppData\Local\Temp\568C.tmp"19⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\56DA.tmp"C:\Users\Admin\AppData\Local\Temp\56DA.tmp"20⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5738.tmp"C:\Users\Admin\AppData\Local\Temp\5738.tmp"21⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5786.tmp"C:\Users\Admin\AppData\Local\Temp\5786.tmp"22⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\57E4.tmp"C:\Users\Admin\AppData\Local\Temp\57E4.tmp"23⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5842.tmp"C:\Users\Admin\AppData\Local\Temp\5842.tmp"24⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\589F.tmp"C:\Users\Admin\AppData\Local\Temp\589F.tmp"25⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\58ED.tmp"C:\Users\Admin\AppData\Local\Temp\58ED.tmp"26⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\594B.tmp"C:\Users\Admin\AppData\Local\Temp\594B.tmp"27⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\59A9.tmp"C:\Users\Admin\AppData\Local\Temp\59A9.tmp"28⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A07.tmp"C:\Users\Admin\AppData\Local\Temp\5A07.tmp"29⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5A64.tmp"C:\Users\Admin\AppData\Local\Temp\5A64.tmp"30⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5AB3.tmp"C:\Users\Admin\AppData\Local\Temp\5AB3.tmp"31⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B10.tmp"C:\Users\Admin\AppData\Local\Temp\5B10.tmp"32⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5B5E.tmp"C:\Users\Admin\AppData\Local\Temp\5B5E.tmp"33⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5BBC.tmp"C:\Users\Admin\AppData\Local\Temp\5BBC.tmp"34⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C1A.tmp"C:\Users\Admin\AppData\Local\Temp\5C1A.tmp"35⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5C68.tmp"C:\Users\Admin\AppData\Local\Temp\5C68.tmp"36⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5CB6.tmp"C:\Users\Admin\AppData\Local\Temp\5CB6.tmp"37⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D04.tmp"C:\Users\Admin\AppData\Local\Temp\5D04.tmp"38⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5D62.tmp"C:\Users\Admin\AppData\Local\Temp\5D62.tmp"39⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5DB0.tmp"C:\Users\Admin\AppData\Local\Temp\5DB0.tmp"40⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5E0E.tmp"C:\Users\Admin\AppData\Local\Temp\5E0E.tmp"41⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5E6C.tmp"C:\Users\Admin\AppData\Local\Temp\5E6C.tmp"42⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5EBA.tmp"C:\Users\Admin\AppData\Local\Temp\5EBA.tmp"43⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\5F08.tmp"C:\Users\Admin\AppData\Local\Temp\5F08.tmp"44⤵
-
C:\Users\Admin\AppData\Local\Temp\5F66.tmp"C:\Users\Admin\AppData\Local\Temp\5F66.tmp"45⤵
-
C:\Users\Admin\AppData\Local\Temp\5FB4.tmp"C:\Users\Admin\AppData\Local\Temp\5FB4.tmp"46⤵
-
C:\Users\Admin\AppData\Local\Temp\6002.tmp"C:\Users\Admin\AppData\Local\Temp\6002.tmp"47⤵
-
C:\Users\Admin\AppData\Local\Temp\6060.tmp"C:\Users\Admin\AppData\Local\Temp\6060.tmp"48⤵
-
C:\Users\Admin\AppData\Local\Temp\60AE.tmp"C:\Users\Admin\AppData\Local\Temp\60AE.tmp"49⤵
-
C:\Users\Admin\AppData\Local\Temp\60FC.tmp"C:\Users\Admin\AppData\Local\Temp\60FC.tmp"50⤵
-
C:\Users\Admin\AppData\Local\Temp\614A.tmp"C:\Users\Admin\AppData\Local\Temp\614A.tmp"51⤵
-
C:\Users\Admin\AppData\Local\Temp\6198.tmp"C:\Users\Admin\AppData\Local\Temp\6198.tmp"52⤵
-
C:\Users\Admin\AppData\Local\Temp\61F6.tmp"C:\Users\Admin\AppData\Local\Temp\61F6.tmp"53⤵
-
C:\Users\Admin\AppData\Local\Temp\6244.tmp"C:\Users\Admin\AppData\Local\Temp\6244.tmp"54⤵
-
C:\Users\Admin\AppData\Local\Temp\6292.tmp"C:\Users\Admin\AppData\Local\Temp\6292.tmp"55⤵
-
C:\Users\Admin\AppData\Local\Temp\62E0.tmp"C:\Users\Admin\AppData\Local\Temp\62E0.tmp"56⤵
-
C:\Users\Admin\AppData\Local\Temp\632E.tmp"C:\Users\Admin\AppData\Local\Temp\632E.tmp"57⤵
-
C:\Users\Admin\AppData\Local\Temp\638C.tmp"C:\Users\Admin\AppData\Local\Temp\638C.tmp"58⤵
-
C:\Users\Admin\AppData\Local\Temp\63DA.tmp"C:\Users\Admin\AppData\Local\Temp\63DA.tmp"59⤵
-
C:\Users\Admin\AppData\Local\Temp\6428.tmp"C:\Users\Admin\AppData\Local\Temp\6428.tmp"60⤵
-
C:\Users\Admin\AppData\Local\Temp\6477.tmp"C:\Users\Admin\AppData\Local\Temp\6477.tmp"61⤵
-
C:\Users\Admin\AppData\Local\Temp\64C5.tmp"C:\Users\Admin\AppData\Local\Temp\64C5.tmp"62⤵
-
C:\Users\Admin\AppData\Local\Temp\6513.tmp"C:\Users\Admin\AppData\Local\Temp\6513.tmp"63⤵
-
C:\Users\Admin\AppData\Local\Temp\6561.tmp"C:\Users\Admin\AppData\Local\Temp\6561.tmp"64⤵
-
C:\Users\Admin\AppData\Local\Temp\65AF.tmp"C:\Users\Admin\AppData\Local\Temp\65AF.tmp"65⤵
-
C:\Users\Admin\AppData\Local\Temp\65FD.tmp"C:\Users\Admin\AppData\Local\Temp\65FD.tmp"66⤵
-
C:\Users\Admin\AppData\Local\Temp\664B.tmp"C:\Users\Admin\AppData\Local\Temp\664B.tmp"67⤵
-
C:\Users\Admin\AppData\Local\Temp\6699.tmp"C:\Users\Admin\AppData\Local\Temp\6699.tmp"68⤵
-
C:\Users\Admin\AppData\Local\Temp\66E8.tmp"C:\Users\Admin\AppData\Local\Temp\66E8.tmp"69⤵
-
C:\Users\Admin\AppData\Local\Temp\6736.tmp"C:\Users\Admin\AppData\Local\Temp\6736.tmp"70⤵
-
C:\Users\Admin\AppData\Local\Temp\6784.tmp"C:\Users\Admin\AppData\Local\Temp\6784.tmp"71⤵
-
C:\Users\Admin\AppData\Local\Temp\67D2.tmp"C:\Users\Admin\AppData\Local\Temp\67D2.tmp"72⤵
-
C:\Users\Admin\AppData\Local\Temp\6820.tmp"C:\Users\Admin\AppData\Local\Temp\6820.tmp"73⤵
-
C:\Users\Admin\AppData\Local\Temp\686E.tmp"C:\Users\Admin\AppData\Local\Temp\686E.tmp"74⤵
-
C:\Users\Admin\AppData\Local\Temp\68BC.tmp"C:\Users\Admin\AppData\Local\Temp\68BC.tmp"75⤵
-
C:\Users\Admin\AppData\Local\Temp\690A.tmp"C:\Users\Admin\AppData\Local\Temp\690A.tmp"76⤵
-
C:\Users\Admin\AppData\Local\Temp\6949.tmp"C:\Users\Admin\AppData\Local\Temp\6949.tmp"77⤵
-
C:\Users\Admin\AppData\Local\Temp\6997.tmp"C:\Users\Admin\AppData\Local\Temp\6997.tmp"78⤵
-
C:\Users\Admin\AppData\Local\Temp\69E5.tmp"C:\Users\Admin\AppData\Local\Temp\69E5.tmp"79⤵
-
C:\Users\Admin\AppData\Local\Temp\6A33.tmp"C:\Users\Admin\AppData\Local\Temp\6A33.tmp"80⤵
-
C:\Users\Admin\AppData\Local\Temp\6A91.tmp"C:\Users\Admin\AppData\Local\Temp\6A91.tmp"81⤵
-
C:\Users\Admin\AppData\Local\Temp\6ADF.tmp"C:\Users\Admin\AppData\Local\Temp\6ADF.tmp"82⤵
-
C:\Users\Admin\AppData\Local\Temp\6B3D.tmp"C:\Users\Admin\AppData\Local\Temp\6B3D.tmp"83⤵
-
C:\Users\Admin\AppData\Local\Temp\6B9B.tmp"C:\Users\Admin\AppData\Local\Temp\6B9B.tmp"84⤵
-
C:\Users\Admin\AppData\Local\Temp\6BF8.tmp"C:\Users\Admin\AppData\Local\Temp\6BF8.tmp"85⤵
-
C:\Users\Admin\AppData\Local\Temp\6C47.tmp"C:\Users\Admin\AppData\Local\Temp\6C47.tmp"86⤵
-
C:\Users\Admin\AppData\Local\Temp\6C95.tmp"C:\Users\Admin\AppData\Local\Temp\6C95.tmp"87⤵
-
C:\Users\Admin\AppData\Local\Temp\6CE3.tmp"C:\Users\Admin\AppData\Local\Temp\6CE3.tmp"88⤵
-
C:\Users\Admin\AppData\Local\Temp\6D50.tmp"C:\Users\Admin\AppData\Local\Temp\6D50.tmp"89⤵
-
C:\Users\Admin\AppData\Local\Temp\6D9E.tmp"C:\Users\Admin\AppData\Local\Temp\6D9E.tmp"90⤵
-
C:\Users\Admin\AppData\Local\Temp\6DFC.tmp"C:\Users\Admin\AppData\Local\Temp\6DFC.tmp"91⤵
-
C:\Users\Admin\AppData\Local\Temp\6E4A.tmp"C:\Users\Admin\AppData\Local\Temp\6E4A.tmp"92⤵
-
C:\Users\Admin\AppData\Local\Temp\6E98.tmp"C:\Users\Admin\AppData\Local\Temp\6E98.tmp"93⤵
-
C:\Users\Admin\AppData\Local\Temp\6EE6.tmp"C:\Users\Admin\AppData\Local\Temp\6EE6.tmp"94⤵
-
C:\Users\Admin\AppData\Local\Temp\6F44.tmp"C:\Users\Admin\AppData\Local\Temp\6F44.tmp"95⤵
-
C:\Users\Admin\AppData\Local\Temp\6F92.tmp"C:\Users\Admin\AppData\Local\Temp\6F92.tmp"96⤵
-
C:\Users\Admin\AppData\Local\Temp\6FF0.tmp"C:\Users\Admin\AppData\Local\Temp\6FF0.tmp"97⤵
-
C:\Users\Admin\AppData\Local\Temp\704E.tmp"C:\Users\Admin\AppData\Local\Temp\704E.tmp"98⤵
-
C:\Users\Admin\AppData\Local\Temp\709C.tmp"C:\Users\Admin\AppData\Local\Temp\709C.tmp"99⤵
-
C:\Users\Admin\AppData\Local\Temp\70EA.tmp"C:\Users\Admin\AppData\Local\Temp\70EA.tmp"100⤵
-
C:\Users\Admin\AppData\Local\Temp\7148.tmp"C:\Users\Admin\AppData\Local\Temp\7148.tmp"101⤵
-
C:\Users\Admin\AppData\Local\Temp\7196.tmp"C:\Users\Admin\AppData\Local\Temp\7196.tmp"102⤵
-
C:\Users\Admin\AppData\Local\Temp\71E4.tmp"C:\Users\Admin\AppData\Local\Temp\71E4.tmp"103⤵
-
C:\Users\Admin\AppData\Local\Temp\7232.tmp"C:\Users\Admin\AppData\Local\Temp\7232.tmp"104⤵
-
C:\Users\Admin\AppData\Local\Temp\7280.tmp"C:\Users\Admin\AppData\Local\Temp\7280.tmp"105⤵
-
C:\Users\Admin\AppData\Local\Temp\72DE.tmp"C:\Users\Admin\AppData\Local\Temp\72DE.tmp"106⤵
-
C:\Users\Admin\AppData\Local\Temp\732C.tmp"C:\Users\Admin\AppData\Local\Temp\732C.tmp"107⤵
-
C:\Users\Admin\AppData\Local\Temp\737A.tmp"C:\Users\Admin\AppData\Local\Temp\737A.tmp"108⤵
-
C:\Users\Admin\AppData\Local\Temp\73C8.tmp"C:\Users\Admin\AppData\Local\Temp\73C8.tmp"109⤵
-
C:\Users\Admin\AppData\Local\Temp\7426.tmp"C:\Users\Admin\AppData\Local\Temp\7426.tmp"110⤵
-
C:\Users\Admin\AppData\Local\Temp\7474.tmp"C:\Users\Admin\AppData\Local\Temp\7474.tmp"111⤵
-
C:\Users\Admin\AppData\Local\Temp\74D2.tmp"C:\Users\Admin\AppData\Local\Temp\74D2.tmp"112⤵
-
C:\Users\Admin\AppData\Local\Temp\7520.tmp"C:\Users\Admin\AppData\Local\Temp\7520.tmp"113⤵
-
C:\Users\Admin\AppData\Local\Temp\756E.tmp"C:\Users\Admin\AppData\Local\Temp\756E.tmp"114⤵
-
C:\Users\Admin\AppData\Local\Temp\75BC.tmp"C:\Users\Admin\AppData\Local\Temp\75BC.tmp"115⤵
-
C:\Users\Admin\AppData\Local\Temp\760B.tmp"C:\Users\Admin\AppData\Local\Temp\760B.tmp"116⤵
-
C:\Users\Admin\AppData\Local\Temp\7659.tmp"C:\Users\Admin\AppData\Local\Temp\7659.tmp"117⤵
-
C:\Users\Admin\AppData\Local\Temp\76A7.tmp"C:\Users\Admin\AppData\Local\Temp\76A7.tmp"118⤵
-
C:\Users\Admin\AppData\Local\Temp\7705.tmp"C:\Users\Admin\AppData\Local\Temp\7705.tmp"119⤵
-
C:\Users\Admin\AppData\Local\Temp\7753.tmp"C:\Users\Admin\AppData\Local\Temp\7753.tmp"120⤵
-
C:\Users\Admin\AppData\Local\Temp\77B0.tmp"C:\Users\Admin\AppData\Local\Temp\77B0.tmp"121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-