Analysis
-
max time kernel
150s -
max time network
53s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
12/06/2024, 15:32
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe
Resource
win7-20231129-en
3 signatures
150 seconds
Behavioral task
behavioral2
Sample
2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe
Resource
win10v2004-20240508-en
2 signatures
150 seconds
General
-
Target
2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe
-
Size
520KB
-
MD5
e350de10e878a287b29414d24e2075c0
-
SHA1
e7d01191c383d0f8f8fdd633272aa0fceffb5d76
-
SHA256
da982ebb14536fe0ee0b115639c62cf2ad9a0121f581aceb864c978ffdfc5ebf
-
SHA512
ccdb19835a02776992ab1e387dfb42509e0afc000abe9249036a7264f0fc52376f584f319fd3c298937b64d68c40fafb05091a289ae6141628f1a6106ba08953
-
SSDEEP
12288:gj8fuxR21t5i8fZNr8Ky310OZ5TlfaVZNJ9nNZ:gj8fuK1GYZNrRK10+lYlDnN
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 64 IoCs
pid Process 2556 5A55.tmp 2184 5AC2.tmp 4136 5B30.tmp 396 5BCC.tmp 3664 5C39.tmp 2312 5CB6.tmp 3568 5D14.tmp 4880 5D62.tmp 4036 5DC0.tmp 4680 5E4C.tmp 920 5EAA.tmp 4712 5F08.tmp 2860 5F85.tmp 1548 5FF2.tmp 2764 6060.tmp 3120 60DD.tmp 516 614A.tmp 2580 61B7.tmp 4084 6206.tmp 4528 6283.tmp 4888 6300.tmp 3076 637D.tmp 2740 63DA.tmp 2856 6448.tmp 3172 64A5.tmp 1544 6522.tmp 3136 6590.tmp 4144 65DE.tmp 4688 662C.tmp 1392 667A.tmp 1784 66C8.tmp 3708 6745.tmp 3680 67B3.tmp 1596 6810.tmp 4432 686E.tmp 2336 68BC.tmp 1492 691A.tmp 2288 6968.tmp 2528 69B6.tmp 4580 6A04.tmp 3472 6A62.tmp 2280 6AC0.tmp 856 6B0E.tmp 3264 6B5C.tmp 4060 6BAA.tmp 3116 6BF8.tmp 3100 6C56.tmp 2268 6C95.tmp 3540 6CE3.tmp 2020 6D41.tmp 5084 6D8F.tmp 2004 6DEC.tmp 3420 6E3B.tmp 4628 6E89.tmp 2836 6ED7.tmp 4408 6F25.tmp 1496 6F83.tmp 2840 6FE0.tmp 3296 703E.tmp 3672 708C.tmp 3308 70DA.tmp 3668 7129.tmp 380 7177.tmp 1120 71C5.tmp -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 3152 wrote to memory of 2556 3152 2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe 82 PID 3152 wrote to memory of 2556 3152 2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe 82 PID 3152 wrote to memory of 2556 3152 2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe 82 PID 2556 wrote to memory of 2184 2556 5A55.tmp 84 PID 2556 wrote to memory of 2184 2556 5A55.tmp 84 PID 2556 wrote to memory of 2184 2556 5A55.tmp 84 PID 2184 wrote to memory of 4136 2184 5AC2.tmp 86 PID 2184 wrote to memory of 4136 2184 5AC2.tmp 86 PID 2184 wrote to memory of 4136 2184 5AC2.tmp 86 PID 4136 wrote to memory of 396 4136 5B30.tmp 87 PID 4136 wrote to memory of 396 4136 5B30.tmp 87 PID 4136 wrote to memory of 396 4136 5B30.tmp 87 PID 396 wrote to memory of 3664 396 5BCC.tmp 89 PID 396 wrote to memory of 3664 396 5BCC.tmp 89 PID 396 wrote to memory of 3664 396 5BCC.tmp 89 PID 3664 wrote to memory of 2312 3664 5C39.tmp 90 PID 3664 wrote to memory of 2312 3664 5C39.tmp 90 PID 3664 wrote to memory of 2312 3664 5C39.tmp 90 PID 2312 wrote to memory of 3568 2312 5CB6.tmp 91 PID 2312 wrote to memory of 3568 2312 5CB6.tmp 91 PID 2312 wrote to memory of 3568 2312 5CB6.tmp 91 PID 3568 wrote to memory of 4880 3568 5D14.tmp 92 PID 3568 wrote to memory of 4880 3568 5D14.tmp 92 PID 3568 wrote to memory of 4880 3568 5D14.tmp 92 PID 4880 wrote to memory of 4036 4880 5D62.tmp 93 PID 4880 wrote to memory of 4036 4880 5D62.tmp 93 PID 4880 wrote to memory of 4036 4880 5D62.tmp 93 PID 4036 wrote to memory of 4680 4036 5DC0.tmp 94 PID 4036 wrote to memory of 4680 4036 5DC0.tmp 94 PID 4036 wrote to memory of 4680 4036 5DC0.tmp 94 PID 4680 wrote to memory of 920 4680 5E4C.tmp 95 PID 4680 wrote to memory of 920 4680 5E4C.tmp 95 PID 4680 wrote to memory of 920 4680 5E4C.tmp 95 PID 920 wrote to memory of 4712 920 5EAA.tmp 96 PID 920 wrote to memory of 4712 920 5EAA.tmp 96 PID 920 wrote to memory of 4712 920 5EAA.tmp 96 PID 4712 wrote to memory of 2860 4712 5F08.tmp 97 PID 4712 wrote to memory of 2860 4712 5F08.tmp 97 PID 4712 wrote to memory of 2860 4712 5F08.tmp 97 PID 2860 wrote to memory of 1548 2860 5F85.tmp 98 PID 2860 wrote to memory of 1548 2860 5F85.tmp 98 PID 2860 wrote to memory of 1548 2860 5F85.tmp 98 PID 1548 wrote to memory of 2764 1548 5FF2.tmp 99 PID 1548 wrote to memory of 2764 1548 5FF2.tmp 99 PID 1548 wrote to memory of 2764 1548 5FF2.tmp 99 PID 2764 wrote to memory of 3120 2764 6060.tmp 100 PID 2764 wrote to memory of 3120 2764 6060.tmp 100 PID 2764 wrote to memory of 3120 2764 6060.tmp 100 PID 3120 wrote to memory of 516 3120 60DD.tmp 101 PID 3120 wrote to memory of 516 3120 60DD.tmp 101 PID 3120 wrote to memory of 516 3120 60DD.tmp 101 PID 516 wrote to memory of 2580 516 614A.tmp 102 PID 516 wrote to memory of 2580 516 614A.tmp 102 PID 516 wrote to memory of 2580 516 614A.tmp 102 PID 2580 wrote to memory of 4084 2580 61B7.tmp 103 PID 2580 wrote to memory of 4084 2580 61B7.tmp 103 PID 2580 wrote to memory of 4084 2580 61B7.tmp 103 PID 4084 wrote to memory of 4528 4084 6206.tmp 104 PID 4084 wrote to memory of 4528 4084 6206.tmp 104 PID 4084 wrote to memory of 4528 4084 6206.tmp 104 PID 4528 wrote to memory of 4888 4528 6283.tmp 105 PID 4528 wrote to memory of 4888 4528 6283.tmp 105 PID 4528 wrote to memory of 4888 4528 6283.tmp 105 PID 4888 wrote to memory of 3076 4888 6300.tmp 106
Processes
-
C:\Users\Admin\AppData\Local\Temp\2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe"C:\Users\Admin\AppData\Local\Temp\2024-06-12_e350de10e878a287b29414d24e2075c0_mafia.exe"1⤵
- Suspicious use of WriteProcessMemory
PID:3152 -
C:\Users\Admin\AppData\Local\Temp\5A55.tmp"C:\Users\Admin\AppData\Local\Temp\5A55.tmp"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2556 -
C:\Users\Admin\AppData\Local\Temp\5AC2.tmp"C:\Users\Admin\AppData\Local\Temp\5AC2.tmp"3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2184 -
C:\Users\Admin\AppData\Local\Temp\5B30.tmp"C:\Users\Admin\AppData\Local\Temp\5B30.tmp"4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4136 -
C:\Users\Admin\AppData\Local\Temp\5BCC.tmp"C:\Users\Admin\AppData\Local\Temp\5BCC.tmp"5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:396 -
C:\Users\Admin\AppData\Local\Temp\5C39.tmp"C:\Users\Admin\AppData\Local\Temp\5C39.tmp"6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3664 -
C:\Users\Admin\AppData\Local\Temp\5CB6.tmp"C:\Users\Admin\AppData\Local\Temp\5CB6.tmp"7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2312 -
C:\Users\Admin\AppData\Local\Temp\5D14.tmp"C:\Users\Admin\AppData\Local\Temp\5D14.tmp"8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3568 -
C:\Users\Admin\AppData\Local\Temp\5D62.tmp"C:\Users\Admin\AppData\Local\Temp\5D62.tmp"9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4880 -
C:\Users\Admin\AppData\Local\Temp\5DC0.tmp"C:\Users\Admin\AppData\Local\Temp\5DC0.tmp"10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4036 -
C:\Users\Admin\AppData\Local\Temp\5E4C.tmp"C:\Users\Admin\AppData\Local\Temp\5E4C.tmp"11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4680 -
C:\Users\Admin\AppData\Local\Temp\5EAA.tmp"C:\Users\Admin\AppData\Local\Temp\5EAA.tmp"12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:920 -
C:\Users\Admin\AppData\Local\Temp\5F08.tmp"C:\Users\Admin\AppData\Local\Temp\5F08.tmp"13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4712 -
C:\Users\Admin\AppData\Local\Temp\5F85.tmp"C:\Users\Admin\AppData\Local\Temp\5F85.tmp"14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2860 -
C:\Users\Admin\AppData\Local\Temp\5FF2.tmp"C:\Users\Admin\AppData\Local\Temp\5FF2.tmp"15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1548 -
C:\Users\Admin\AppData\Local\Temp\6060.tmp"C:\Users\Admin\AppData\Local\Temp\6060.tmp"16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2764 -
C:\Users\Admin\AppData\Local\Temp\60DD.tmp"C:\Users\Admin\AppData\Local\Temp\60DD.tmp"17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3120 -
C:\Users\Admin\AppData\Local\Temp\614A.tmp"C:\Users\Admin\AppData\Local\Temp\614A.tmp"18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:516 -
C:\Users\Admin\AppData\Local\Temp\61B7.tmp"C:\Users\Admin\AppData\Local\Temp\61B7.tmp"19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2580 -
C:\Users\Admin\AppData\Local\Temp\6206.tmp"C:\Users\Admin\AppData\Local\Temp\6206.tmp"20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4084 -
C:\Users\Admin\AppData\Local\Temp\6283.tmp"C:\Users\Admin\AppData\Local\Temp\6283.tmp"21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4528 -
C:\Users\Admin\AppData\Local\Temp\6300.tmp"C:\Users\Admin\AppData\Local\Temp\6300.tmp"22⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4888 -
C:\Users\Admin\AppData\Local\Temp\637D.tmp"C:\Users\Admin\AppData\Local\Temp\637D.tmp"23⤵
- Executes dropped EXE
PID:3076 -
C:\Users\Admin\AppData\Local\Temp\63DA.tmp"C:\Users\Admin\AppData\Local\Temp\63DA.tmp"24⤵
- Executes dropped EXE
PID:2740 -
C:\Users\Admin\AppData\Local\Temp\6448.tmp"C:\Users\Admin\AppData\Local\Temp\6448.tmp"25⤵
- Executes dropped EXE
PID:2856 -
C:\Users\Admin\AppData\Local\Temp\64A5.tmp"C:\Users\Admin\AppData\Local\Temp\64A5.tmp"26⤵
- Executes dropped EXE
PID:3172 -
C:\Users\Admin\AppData\Local\Temp\6522.tmp"C:\Users\Admin\AppData\Local\Temp\6522.tmp"27⤵
- Executes dropped EXE
PID:1544 -
C:\Users\Admin\AppData\Local\Temp\6590.tmp"C:\Users\Admin\AppData\Local\Temp\6590.tmp"28⤵
- Executes dropped EXE
PID:3136 -
C:\Users\Admin\AppData\Local\Temp\65DE.tmp"C:\Users\Admin\AppData\Local\Temp\65DE.tmp"29⤵
- Executes dropped EXE
PID:4144 -
C:\Users\Admin\AppData\Local\Temp\662C.tmp"C:\Users\Admin\AppData\Local\Temp\662C.tmp"30⤵
- Executes dropped EXE
PID:4688 -
C:\Users\Admin\AppData\Local\Temp\667A.tmp"C:\Users\Admin\AppData\Local\Temp\667A.tmp"31⤵
- Executes dropped EXE
PID:1392 -
C:\Users\Admin\AppData\Local\Temp\66C8.tmp"C:\Users\Admin\AppData\Local\Temp\66C8.tmp"32⤵
- Executes dropped EXE
PID:1784 -
C:\Users\Admin\AppData\Local\Temp\6745.tmp"C:\Users\Admin\AppData\Local\Temp\6745.tmp"33⤵
- Executes dropped EXE
PID:3708 -
C:\Users\Admin\AppData\Local\Temp\67B3.tmp"C:\Users\Admin\AppData\Local\Temp\67B3.tmp"34⤵
- Executes dropped EXE
PID:3680 -
C:\Users\Admin\AppData\Local\Temp\6810.tmp"C:\Users\Admin\AppData\Local\Temp\6810.tmp"35⤵
- Executes dropped EXE
PID:1596 -
C:\Users\Admin\AppData\Local\Temp\686E.tmp"C:\Users\Admin\AppData\Local\Temp\686E.tmp"36⤵
- Executes dropped EXE
PID:4432 -
C:\Users\Admin\AppData\Local\Temp\68BC.tmp"C:\Users\Admin\AppData\Local\Temp\68BC.tmp"37⤵
- Executes dropped EXE
PID:2336 -
C:\Users\Admin\AppData\Local\Temp\691A.tmp"C:\Users\Admin\AppData\Local\Temp\691A.tmp"38⤵
- Executes dropped EXE
PID:1492 -
C:\Users\Admin\AppData\Local\Temp\6968.tmp"C:\Users\Admin\AppData\Local\Temp\6968.tmp"39⤵
- Executes dropped EXE
PID:2288 -
C:\Users\Admin\AppData\Local\Temp\69B6.tmp"C:\Users\Admin\AppData\Local\Temp\69B6.tmp"40⤵
- Executes dropped EXE
PID:2528 -
C:\Users\Admin\AppData\Local\Temp\6A04.tmp"C:\Users\Admin\AppData\Local\Temp\6A04.tmp"41⤵
- Executes dropped EXE
PID:4580 -
C:\Users\Admin\AppData\Local\Temp\6A62.tmp"C:\Users\Admin\AppData\Local\Temp\6A62.tmp"42⤵
- Executes dropped EXE
PID:3472 -
C:\Users\Admin\AppData\Local\Temp\6AC0.tmp"C:\Users\Admin\AppData\Local\Temp\6AC0.tmp"43⤵
- Executes dropped EXE
PID:2280 -
C:\Users\Admin\AppData\Local\Temp\6B0E.tmp"C:\Users\Admin\AppData\Local\Temp\6B0E.tmp"44⤵
- Executes dropped EXE
PID:856 -
C:\Users\Admin\AppData\Local\Temp\6B5C.tmp"C:\Users\Admin\AppData\Local\Temp\6B5C.tmp"45⤵
- Executes dropped EXE
PID:3264 -
C:\Users\Admin\AppData\Local\Temp\6BAA.tmp"C:\Users\Admin\AppData\Local\Temp\6BAA.tmp"46⤵
- Executes dropped EXE
PID:4060 -
C:\Users\Admin\AppData\Local\Temp\6BF8.tmp"C:\Users\Admin\AppData\Local\Temp\6BF8.tmp"47⤵
- Executes dropped EXE
PID:3116 -
C:\Users\Admin\AppData\Local\Temp\6C56.tmp"C:\Users\Admin\AppData\Local\Temp\6C56.tmp"48⤵
- Executes dropped EXE
PID:3100 -
C:\Users\Admin\AppData\Local\Temp\6C95.tmp"C:\Users\Admin\AppData\Local\Temp\6C95.tmp"49⤵
- Executes dropped EXE
PID:2268 -
C:\Users\Admin\AppData\Local\Temp\6CE3.tmp"C:\Users\Admin\AppData\Local\Temp\6CE3.tmp"50⤵
- Executes dropped EXE
PID:3540 -
C:\Users\Admin\AppData\Local\Temp\6D41.tmp"C:\Users\Admin\AppData\Local\Temp\6D41.tmp"51⤵
- Executes dropped EXE
PID:2020 -
C:\Users\Admin\AppData\Local\Temp\6D8F.tmp"C:\Users\Admin\AppData\Local\Temp\6D8F.tmp"52⤵
- Executes dropped EXE
PID:5084 -
C:\Users\Admin\AppData\Local\Temp\6DEC.tmp"C:\Users\Admin\AppData\Local\Temp\6DEC.tmp"53⤵
- Executes dropped EXE
PID:2004 -
C:\Users\Admin\AppData\Local\Temp\6E3B.tmp"C:\Users\Admin\AppData\Local\Temp\6E3B.tmp"54⤵
- Executes dropped EXE
PID:3420 -
C:\Users\Admin\AppData\Local\Temp\6E89.tmp"C:\Users\Admin\AppData\Local\Temp\6E89.tmp"55⤵
- Executes dropped EXE
PID:4628 -
C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"C:\Users\Admin\AppData\Local\Temp\6ED7.tmp"56⤵
- Executes dropped EXE
PID:2836 -
C:\Users\Admin\AppData\Local\Temp\6F25.tmp"C:\Users\Admin\AppData\Local\Temp\6F25.tmp"57⤵
- Executes dropped EXE
PID:4408 -
C:\Users\Admin\AppData\Local\Temp\6F83.tmp"C:\Users\Admin\AppData\Local\Temp\6F83.tmp"58⤵
- Executes dropped EXE
PID:1496 -
C:\Users\Admin\AppData\Local\Temp\6FE0.tmp"C:\Users\Admin\AppData\Local\Temp\6FE0.tmp"59⤵
- Executes dropped EXE
PID:2840 -
C:\Users\Admin\AppData\Local\Temp\703E.tmp"C:\Users\Admin\AppData\Local\Temp\703E.tmp"60⤵
- Executes dropped EXE
PID:3296 -
C:\Users\Admin\AppData\Local\Temp\708C.tmp"C:\Users\Admin\AppData\Local\Temp\708C.tmp"61⤵
- Executes dropped EXE
PID:3672 -
C:\Users\Admin\AppData\Local\Temp\70DA.tmp"C:\Users\Admin\AppData\Local\Temp\70DA.tmp"62⤵
- Executes dropped EXE
PID:3308 -
C:\Users\Admin\AppData\Local\Temp\7129.tmp"C:\Users\Admin\AppData\Local\Temp\7129.tmp"63⤵
- Executes dropped EXE
PID:3668 -
C:\Users\Admin\AppData\Local\Temp\7177.tmp"C:\Users\Admin\AppData\Local\Temp\7177.tmp"64⤵
- Executes dropped EXE
PID:380 -
C:\Users\Admin\AppData\Local\Temp\71C5.tmp"C:\Users\Admin\AppData\Local\Temp\71C5.tmp"65⤵
- Executes dropped EXE
PID:1120 -
C:\Users\Admin\AppData\Local\Temp\7223.tmp"C:\Users\Admin\AppData\Local\Temp\7223.tmp"66⤵PID:512
-
C:\Users\Admin\AppData\Local\Temp\7271.tmp"C:\Users\Admin\AppData\Local\Temp\7271.tmp"67⤵PID:3684
-
C:\Users\Admin\AppData\Local\Temp\72BF.tmp"C:\Users\Admin\AppData\Local\Temp\72BF.tmp"68⤵PID:1084
-
C:\Users\Admin\AppData\Local\Temp\730D.tmp"C:\Users\Admin\AppData\Local\Temp\730D.tmp"69⤵PID:948
-
C:\Users\Admin\AppData\Local\Temp\736B.tmp"C:\Users\Admin\AppData\Local\Temp\736B.tmp"70⤵PID:1092
-
C:\Users\Admin\AppData\Local\Temp\73B9.tmp"C:\Users\Admin\AppData\Local\Temp\73B9.tmp"71⤵PID:5068
-
C:\Users\Admin\AppData\Local\Temp\73F7.tmp"C:\Users\Admin\AppData\Local\Temp\73F7.tmp"72⤵PID:2372
-
C:\Users\Admin\AppData\Local\Temp\7445.tmp"C:\Users\Admin\AppData\Local\Temp\7445.tmp"73⤵PID:3024
-
C:\Users\Admin\AppData\Local\Temp\74A3.tmp"C:\Users\Admin\AppData\Local\Temp\74A3.tmp"74⤵PID:4880
-
C:\Users\Admin\AppData\Local\Temp\7501.tmp"C:\Users\Admin\AppData\Local\Temp\7501.tmp"75⤵PID:4820
-
C:\Users\Admin\AppData\Local\Temp\755F.tmp"C:\Users\Admin\AppData\Local\Temp\755F.tmp"76⤵PID:1472
-
C:\Users\Admin\AppData\Local\Temp\75AD.tmp"C:\Users\Admin\AppData\Local\Temp\75AD.tmp"77⤵PID:4680
-
C:\Users\Admin\AppData\Local\Temp\760B.tmp"C:\Users\Admin\AppData\Local\Temp\760B.tmp"78⤵PID:3620
-
C:\Users\Admin\AppData\Local\Temp\7659.tmp"C:\Users\Admin\AppData\Local\Temp\7659.tmp"79⤵PID:1248
-
C:\Users\Admin\AppData\Local\Temp\76A7.tmp"C:\Users\Admin\AppData\Local\Temp\76A7.tmp"80⤵PID:2576
-
C:\Users\Admin\AppData\Local\Temp\7705.tmp"C:\Users\Admin\AppData\Local\Temp\7705.tmp"81⤵PID:2084
-
C:\Users\Admin\AppData\Local\Temp\7753.tmp"C:\Users\Admin\AppData\Local\Temp\7753.tmp"82⤵PID:3048
-
C:\Users\Admin\AppData\Local\Temp\77A1.tmp"C:\Users\Admin\AppData\Local\Temp\77A1.tmp"83⤵PID:1332
-
C:\Users\Admin\AppData\Local\Temp\77FF.tmp"C:\Users\Admin\AppData\Local\Temp\77FF.tmp"84⤵PID:1848
-
C:\Users\Admin\AppData\Local\Temp\784D.tmp"C:\Users\Admin\AppData\Local\Temp\784D.tmp"85⤵PID:2400
-
C:\Users\Admin\AppData\Local\Temp\789B.tmp"C:\Users\Admin\AppData\Local\Temp\789B.tmp"86⤵PID:516
-
C:\Users\Admin\AppData\Local\Temp\78E9.tmp"C:\Users\Admin\AppData\Local\Temp\78E9.tmp"87⤵PID:3972
-
C:\Users\Admin\AppData\Local\Temp\7937.tmp"C:\Users\Admin\AppData\Local\Temp\7937.tmp"88⤵PID:4460
-
C:\Users\Admin\AppData\Local\Temp\7985.tmp"C:\Users\Admin\AppData\Local\Temp\7985.tmp"89⤵PID:4084
-
C:\Users\Admin\AppData\Local\Temp\79D3.tmp"C:\Users\Admin\AppData\Local\Temp\79D3.tmp"90⤵PID:1952
-
C:\Users\Admin\AppData\Local\Temp\7A21.tmp"C:\Users\Admin\AppData\Local\Temp\7A21.tmp"91⤵PID:5052
-
C:\Users\Admin\AppData\Local\Temp\7A70.tmp"C:\Users\Admin\AppData\Local\Temp\7A70.tmp"92⤵PID:1080
-
C:\Users\Admin\AppData\Local\Temp\7ACD.tmp"C:\Users\Admin\AppData\Local\Temp\7ACD.tmp"93⤵PID:2360
-
C:\Users\Admin\AppData\Local\Temp\7B2B.tmp"C:\Users\Admin\AppData\Local\Temp\7B2B.tmp"94⤵PID:1880
-
C:\Users\Admin\AppData\Local\Temp\7B89.tmp"C:\Users\Admin\AppData\Local\Temp\7B89.tmp"95⤵PID:924
-
C:\Users\Admin\AppData\Local\Temp\7BE7.tmp"C:\Users\Admin\AppData\Local\Temp\7BE7.tmp"96⤵PID:3172
-
C:\Users\Admin\AppData\Local\Temp\7C44.tmp"C:\Users\Admin\AppData\Local\Temp\7C44.tmp"97⤵PID:3332
-
C:\Users\Admin\AppData\Local\Temp\7CA2.tmp"C:\Users\Admin\AppData\Local\Temp\7CA2.tmp"98⤵PID:3860
-
C:\Users\Admin\AppData\Local\Temp\7CF0.tmp"C:\Users\Admin\AppData\Local\Temp\7CF0.tmp"99⤵PID:1444
-
C:\Users\Admin\AppData\Local\Temp\7D4E.tmp"C:\Users\Admin\AppData\Local\Temp\7D4E.tmp"100⤵PID:1580
-
C:\Users\Admin\AppData\Local\Temp\7D9C.tmp"C:\Users\Admin\AppData\Local\Temp\7D9C.tmp"101⤵PID:216
-
C:\Users\Admin\AppData\Local\Temp\7DFA.tmp"C:\Users\Admin\AppData\Local\Temp\7DFA.tmp"102⤵PID:736
-
C:\Users\Admin\AppData\Local\Temp\7E48.tmp"C:\Users\Admin\AppData\Local\Temp\7E48.tmp"103⤵PID:3428
-
C:\Users\Admin\AppData\Local\Temp\7EA6.tmp"C:\Users\Admin\AppData\Local\Temp\7EA6.tmp"104⤵PID:4924
-
C:\Users\Admin\AppData\Local\Temp\7EF4.tmp"C:\Users\Admin\AppData\Local\Temp\7EF4.tmp"105⤵PID:1584
-
C:\Users\Admin\AppData\Local\Temp\7F52.tmp"C:\Users\Admin\AppData\Local\Temp\7F52.tmp"106⤵PID:1068
-
C:\Users\Admin\AppData\Local\Temp\7FAF.tmp"C:\Users\Admin\AppData\Local\Temp\7FAF.tmp"107⤵PID:1596
-
C:\Users\Admin\AppData\Local\Temp\800D.tmp"C:\Users\Admin\AppData\Local\Temp\800D.tmp"108⤵PID:4432
-
C:\Users\Admin\AppData\Local\Temp\805B.tmp"C:\Users\Admin\AppData\Local\Temp\805B.tmp"109⤵PID:2336
-
C:\Users\Admin\AppData\Local\Temp\80A9.tmp"C:\Users\Admin\AppData\Local\Temp\80A9.tmp"110⤵PID:1492
-
C:\Users\Admin\AppData\Local\Temp\8107.tmp"C:\Users\Admin\AppData\Local\Temp\8107.tmp"111⤵PID:2288
-
C:\Users\Admin\AppData\Local\Temp\8155.tmp"C:\Users\Admin\AppData\Local\Temp\8155.tmp"112⤵PID:4656
-
C:\Users\Admin\AppData\Local\Temp\81A3.tmp"C:\Users\Admin\AppData\Local\Temp\81A3.tmp"113⤵PID:964
-
C:\Users\Admin\AppData\Local\Temp\81F1.tmp"C:\Users\Admin\AppData\Local\Temp\81F1.tmp"114⤵PID:3564
-
C:\Users\Admin\AppData\Local\Temp\8240.tmp"C:\Users\Admin\AppData\Local\Temp\8240.tmp"115⤵PID:4544
-
C:\Users\Admin\AppData\Local\Temp\829D.tmp"C:\Users\Admin\AppData\Local\Temp\829D.tmp"116⤵PID:1012
-
C:\Users\Admin\AppData\Local\Temp\82EB.tmp"C:\Users\Admin\AppData\Local\Temp\82EB.tmp"117⤵PID:5088
-
C:\Users\Admin\AppData\Local\Temp\8349.tmp"C:\Users\Admin\AppData\Local\Temp\8349.tmp"118⤵PID:2592
-
C:\Users\Admin\AppData\Local\Temp\8397.tmp"C:\Users\Admin\AppData\Local\Temp\8397.tmp"119⤵PID:4376
-
C:\Users\Admin\AppData\Local\Temp\83F5.tmp"C:\Users\Admin\AppData\Local\Temp\83F5.tmp"120⤵PID:4556
-
C:\Users\Admin\AppData\Local\Temp\8453.tmp"C:\Users\Admin\AppData\Local\Temp\8453.tmp"121⤵PID:3100
-
C:\Users\Admin\AppData\Local\Temp\84A1.tmp"C:\Users\Admin\AppData\Local\Temp\84A1.tmp"122⤵PID:2268
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-