Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

2025-02-26...ia.exe

windows7-x64

10

2025-02-26...ia.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250217-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/02/2025, 12:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

  • Size

    2.1MB

  • MD5

    4d9cf71bc5b646f2126fd4141962dd9f

  • SHA1

    baf2fe3f0a3edc5793fb3f13478f997ac1bf942f

  • SHA256

    ebd5805bc2c1d4e939431746714b7f93c8615eef523dd0697340e46a1de430d7

  • SHA512

    1d8caa4ece1c3990d1d00723629f0d76837afc75efb5cc22258acae0463a49c8e70ebfc3a1616421e1c5158cf1d0de8f4914321118f76ae15848164d9deccf45

  • SSDEEP

    49152:CMUSWPePiaGrTloaG99GEuBw68B1ECYJgkpgl7:CMaPwiZrW9GEuG68B+5J8

Score
10/10
banloaddiscoverydownloaderdroppertrojan

Malware Config

Signatures

  • Banload

    Banload variants download malicious files, then install and execute the files.

    trojandropperdownloaderbanload
  • Banload family
    banload
  • Checks BIOS information in registry 2 TTPs 64 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 47 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 62 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies registry class 64 IoCs
  • NTFS ADS 62 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1148
    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      2⤵
      • Checks BIOS information in registry
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4024
      • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1132
        • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
          "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
          4⤵
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:464
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:3524
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              PID:1488
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                PID:4036
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4472
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • Checks computer location settings
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:2984
                    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                      10⤵
                      • Checks BIOS information in registry
                      • Checks computer location settings
                      • System Location Discovery: System Language Discovery
                      • NTFS ADS
                      PID:908
                      • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                        11⤵
                        • System Location Discovery: System Language Discovery
                        • Modifies registry class
                        • NTFS ADS
                        PID:3120
                    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                      10⤵
                      • Checks BIOS information in registry
                      • System Location Discovery: System Language Discovery
                      • NTFS ADS
                      PID:712
        • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
          "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
          4⤵
          • Checks BIOS information in registry
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2448
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:844
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:3440
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                PID:1504
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  PID:244
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:4580
                    • C:\Windows\SysWOW64\WerFault.exe
                      C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 1400
                      10⤵
                      • Program crash
                      PID:1984
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:2060
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                PID:3144
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:2760
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:1228
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:1648
      • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4428
        • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
          "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
          4⤵
          • Checks BIOS information in registry
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:520
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:2156
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:1048
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                PID:1584
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  • Suspicious use of AdjustPrivilegeToken
                  PID:844
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • Checks computer location settings
                    • System Location Discovery: System Language Discovery
                    • NTFS ADS
                    PID:3860
                    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                      10⤵
                      • Checks BIOS information in registry
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • NTFS ADS
                      PID:4840
    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      2⤵
      • Checks BIOS information in registry
      • Checks computer location settings
      • System Location Discovery: System Language Discovery
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4484
      • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        3⤵
        • Checks BIOS information in registry
        • Checks computer location settings
        • System Location Discovery: System Language Discovery
        • Modifies registry class
        • NTFS ADS
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3584
        • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
          "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
          4⤵
          • Checks BIOS information in registry
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:5064
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of WriteProcessMemory
            PID:4236
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:940
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                PID:4576
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:2560
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • Checks computer location settings
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:4724
                    • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                      10⤵
                      • System Location Discovery: System Language Discovery
                      • Modifies registry class
                      • NTFS ADS
                      PID:468
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • NTFS ADS
                    PID:2400
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:1548
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                PID:3660
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  PID:4468
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:4372
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:4148
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                PID:1956
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:1656
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            PID:5084
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:3824
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • NTFS ADS
                PID:712
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  PID:560
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • System Location Discovery: System Language Discovery
                    • Modifies registry class
                    • NTFS ADS
                    PID:5124
        • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
          "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
          4⤵
          • Checks BIOS information in registry
          • Checks computer location settings
          • System Location Discovery: System Language Discovery
          • Modifies registry class
          • NTFS ADS
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3864
          • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
            "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
            5⤵
            • Checks BIOS information in registry
            • Checks computer location settings
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • NTFS ADS
            • Suspicious use of AdjustPrivilegeToken
            PID:4148
            • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
              "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
              6⤵
              • Checks BIOS information in registry
              • Checks computer location settings
              • System Location Discovery: System Language Discovery
              • Modifies registry class
              • NTFS ADS
              • Suspicious use of AdjustPrivilegeToken
              PID:3404
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                • Suspicious use of AdjustPrivilegeToken
                PID:4356
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • Checks BIOS information in registry
                  • Checks computer location settings
                  • System Location Discovery: System Language Discovery
                  • Modifies registry class
                  • NTFS ADS
                  PID:676
                  • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                    9⤵
                    • Checks BIOS information in registry
                    • System Location Discovery: System Language Discovery
                    • NTFS ADS
                    PID:2084
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • Checks computer location settings
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                PID:1548
                • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                  8⤵
                  • System Location Discovery: System Language Discovery
                  • NTFS ADS
                  PID:2680
              • C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
                "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
                7⤵
                • Checks BIOS information in registry
                • System Location Discovery: System Language Discovery
                • Modifies registry class
                • NTFS ADS
                PID:984
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4580 -ip 4580
    1⤵
      PID:1668

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      9afc1b6d60039f4ebfc88c65203d4282

      SHA1

      f88931286487de2d2c8840da444a68484830f3d8

      SHA256

      c57da948c10f732da310b0b30890e014c048a91af8297136a05e132a909161cc

      SHA512

      b5b1ff1b1b1e1e817a82b6ee3daab3cc2313f277656b60a55314d66078ade9af1485fdb13c3a56c78c54d5fddd39de85fcc01ede8b0f8d619b1ef6f9fe08bb51

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      d664dc2e7089f348c3e773becbb909b6

      SHA1

      12288f1e02fd42a6fc36c63c3103fb528b6a5e65

      SHA256

      2e27af92e17fb53ea8f52ed4596d4be9e0a904a291cc044e0562543d98e4a3a9

      SHA512

      802d8daa2b9efc5379f22962dfa41c58c362056a32f7ed62f8708f11795f3c8309e88016c181a076e729573c35257292e3ea52e4a6dbeb9f3d73701825213d5a

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      ba0f6c323c7f0fd32770048b1a084315

      SHA1

      cdc904667fb91a4cb7bdf47bdfef81cba6e4f0d7

      SHA256

      955395ab45260227a4284f2bf7dce4a24bc3c16576dd4491faadd4de5c54b6eb

      SHA512

      b363e6150d65fefc0551133da50ee498318be2a05c6e03109e9daca2a0f81bfdf31aad5a2b4de22df1c923907fbcc6228e7cde9803e082543760f89d10301074

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      88944d7da51301e66ded2228583b14e0

      SHA1

      18e797810694fabfb2684f7d75f54b00bafef93e

      SHA256

      1898d6c7343347142ba76003fb3af44e1716ffae97088a3af4f516883f73e888

      SHA512

      ae2b71de355ce8d7fe9aab1b7decdb479840af6b9c97284c7c315217e472707b2bbd9bfd6994bc4573238c486d04f46345e1392fe56e10f41624032b2bd69416

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      d73611ea706c0884656ccd3fb3d8d2b8

      SHA1

      9f2505da1508d1dd71b220c35825e7d7f6317e3e

      SHA256

      619c6398a122df5e32946e58bdea983c199fa815cf737c7c5389c387cdde2f1c

      SHA512

      e1ee7acd7c62ffc83d555fd763214fb9d11aa5b07d629ce4e35e97699f5992d50a563fa433e8ae4f45a6a4d8432f93268bf3e2135055429e89de7f3165369c9f

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      c5dce8ba39b3b78f0e587083cfba9999

      SHA1

      19fa00869b0d769aa302d0764b1bb5331f657277

      SHA256

      d8d0405dc28f8f9170b596800d5b01ff5b87c5cc502fa96d8d7b5406463090a8

      SHA512

      518e790af41b030a58c3039d87a169d8a9cd035ab4cf4c6f64bd956c8b94537f35ae14b4d6cc61f89324a67e68f7a62cde053427769489c4a9ae4b09b0805293

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      f7eed7f04165f5c946addda88e879761

      SHA1

      e41a828e8143a4b9130c8c4ba8ec412e5b2c351f

      SHA256

      c00f0ba7a99a917738a7bbc0ca208552d9cd49ce5d4a9e79a22d6001419e18f9

      SHA512

      807c3f087d04533afd5af5b3185b1c59ebfde54457b22656baf5066bea8d682d425e7530be4613e85c6d644c821db35185308a93680ae5b6c612f41041c1e19c

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      4953db03cf74c2fd333933141e619cfd

      SHA1

      a549bbffc9342589796d7755b48d681e68108665

      SHA256

      e89a0f4c606591b3ec74680afba05ddf3a4a4a30e377b77d87e64278d19af561

      SHA512

      9e36b0a1e0df739f7781fd4f23315e872424e0de92f9b3599a628aa06e16c33beaaa300d929bd8c1c6338635cee34542bca38074ddac81b9c1d381c48d69f937

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      782d90957fd366fc38c4f324b1395ca0

      SHA1

      f91ea0d164dd23f3b37d0c106a86f70f640d4c47

      SHA256

      ac8fd0187ae4f28be12b141f38e7365ab2f93378781d5bb92a364af30f1b0f61

      SHA512

      a6c4b1f10995103bf31901c3cb6262aacaeaddc3b44db2945fd050b826ee14ced80b0c00f19bde56ea0e8671bd69ea73ef1a9012577abaa201e2ec3d412522e5

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      69a4cc428697f7178457d8b91136cdbd

      SHA1

      f4feff75a0e4443286c97256325ffc7dc6ebc0c0

      SHA256

      95c41b5faf5ccf1381e701629421d32f58a4a380f6687fc0f84510d4ff8966b2

      SHA512

      dfb2efdcb9ae722bb9a12c5f84a8475ffd65ede7c9c230946ef82659311115365183feb3c79cc0f0680810349966e564a945adcf99ecabf6d9f45b2c16000387

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      cfb3cd5d9bef1a4e3ab96063d3c21572

      SHA1

      56c4754f98bbd9ca9187a0b69fe8a9ab88de93c4

      SHA256

      5f2b1962a98ed7ccfdbafb9936557da55bc2caa271a63d3af24d198a536faa60

      SHA512

      57d645441435a9b5edc7d394e64e0856cde393c026af080637ce265bf3ee9c70547ffed62b185130d99e163c6e52f110dc36fe22344a2dcb40891be34cbbd39a

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      d4cd04ab8f222a0daf0ecd68895998f3

      SHA1

      bbaf947e5b615ae5a4d579033e7376d310efa4a9

      SHA256

      c73dfb3d93141ef54631f019ef494c46c4054e08e3d9dc16c0f350147130226a

      SHA512

      513d4bb911b507c287a230605c41dd067b466ffd5cdaa1af16840e5f9a44cb15374c6b23027312ada35cbc7c8569e30bbfbcd1356c34cd7539b029784d0058c9

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      0b168906b24f130cfc8062b4f7f8736e

      SHA1

      6e08ff85d901387db5f84cc71896fe9ed9650972

      SHA256

      06a97d4b8573f7398ab6fc6585e6981aed618586b892c0d7b39e967c0726b71c

      SHA512

      d942d120ed7604a7f379f58b7ed4fba6c2c3b26fe7f80b9abefebc05d212c68244ec45a27697c61f292d5e7e43626fdb133d4385d0e3b719cb2c18134ad71530

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      c7bf1082ce44386c7a5e8d25c989c76c

      SHA1

      ba5331e25485349b4c530bda383192016641ff8c

      SHA256

      e8b00b1a8f66e75625c4d0b5bcebcb90b806d061bd26a631cc4319831f83f821

      SHA512

      029f21cd79d642be3b6de96daaf73719bf6b3d3281cfa0112c2ffe94d9b0c727c6ad6463ea9be8ef1bf76ff184d8c9fcedf7ebd388ffdaeffc980c14b00d0475

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      8d63a3d9dc0aafc88f1cf3cf9efe941e

      SHA1

      4690dfb87ba2f97d9181babdbc21d3e993af58db

      SHA256

      079d854a4d4b95af0066b68b2fc03fa4b228772b059a68535a004e1c8d089220

      SHA512

      2b2188b18599626ab0591be06b98fb6af337890782224c8a4892acc2437507793adf322564692b2d62d54556ddf7d658bece3ca1254c21ce69eff67da9afc104

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      4c082ce43e6e92c6ecb873a5f59fb38e

      SHA1

      fcc8f4ed761216351bc1c49e8781eceac6056eb4

      SHA256

      ae51bb93aa655d5b4e9097f2ce7e4b4407cb91ad0d04d7df751647cbe4e09f26

      SHA512

      d9e2b34a33319b31f7580f551497faffcf6e729d153a9f1110b9ca4174f5de71286f61e915daa3a0c4f8bccdb0d39f280dd661594a1bfc643607db802368d6ec

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      c0e84ccb99821298ce848ad9379da847

      SHA1

      2b1e56f0a7dc1a0e0391516083254b2286617a3d

      SHA256

      c2dbf2360ece12bce1cba465b7a067b51d6d649adfb259cc060ec18b0427a2d1

      SHA512

      e9df3c5f92bdc5ed5266e4ed2730688d4359cd8a8a7ec9dd5b8df15d77b3d09a065529e210e102cdf2a4ac73e8cf847939d6b3800aa4ceaad82e93d64f11568b

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      69b18558f8126946489ee6458259c377

      SHA1

      ff75643d568de06ecc0ef8f799e298568827e17f

      SHA256

      546553ccdd2127952189d2369940b1d94790242a3ec30c309b61601bdb6a6ff1

      SHA512

      dc7d17d58cf8c00027434d3ad983a47d414332428e109844bca57ec9d5d79db4b278b0c0d9aae1bde3342a6ff3e708ed11100779105bfc49bb994219440b1da3

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      6a62f2d2ba3ea08b2e7996e2d0109b52

      SHA1

      c75b9e4d3b662068e7aa970a902f4d249845e7d9

      SHA256

      e94dedc58fbec6c7dd55d31fddeeba18be7c68b95bc729504e19dbe62086df1a

      SHA512

      60d0e2dd8e507945cfeb726cbb9bb38d0bd60373e7f3dfa3b0865e3b4e387084d9f09535543d3f5715d21f149597257a5cb32e023a59cc21ef56167335b1150a

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      b104e3ff14c117d724a340081c887e01

      SHA1

      31385d51f24eed20cfe15db720befb7b7f91d312

      SHA256

      e710fcb78ad12e56ef5da4fa8037eca714e3292f9e7aca6a4640fad8c5fc71e2

      SHA512

      602db6c9f8d06bfe8c640d39e247726710828746b0007fc2f5ba7642d680ebc35793eae2a03322017b8bacbb630354992c17900383669bf10113c305dbac2e36

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      fddc0862b00a166138224f5d57fd0799

      SHA1

      12768fec94b75c618e31e4aff1c0a9d48fce1fc6

      SHA256

      f946d2f74dc22f7bd93c9c0ed6302d35f8bccb3a7d97056af8541ebc7345c0f2

      SHA512

      baad2238e44ec822ffa8f14ac29bbe0ca2ed6918b871caa00e23ff34e1d20b30ff5a73ef0836f979eefb7a576ad434a071711918da74ddd41566953b0747a86b

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      35fe7457f5cd8d347941e9e49d39c681

      SHA1

      d720fb4b23f75317868223685d1aa72aa62df519

      SHA256

      5c158b54241e3589eb9e31f426333d980ea97a3d0f353fc59ccba6c6ad14336d

      SHA512

      2e0da35f470da5ed41f563beae3ab8c99c2c34c443265d49a3e8a71ae35a08c92a6d2add47c39eb519918bbe619cc9dc9a5ce8f2396021dcdad2fb8496ef5e5d

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      de9b74fd1b11d72176430db66bf0ba05

      SHA1

      55a11b5aa6ac6fc0f3492dc54e994335451cc577

      SHA256

      f91ed45928ce8db58995bc8b5f9cf87a2ff50061b7fe0ef52927a41db5692e88

      SHA512

      c4e428214856b080bf6f3bd9b220ff29e755a76eee7352d874b80959ba866b0e74a167a3b158d8f756c47daf062111668df0f66add4834342d933394461993c7

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      67a8e6334508a0f9122ab621ac96954f

      SHA1

      09bfcb5ea7b8163ce81a023a97213e3f9b08661a

      SHA256

      d5b9c1be8caec7b30218199122dba447105477e3e77afce1659d63fb99e669cf

      SHA512

      db24e627345eae6bcac8024561edbee32475c695965a2c8918853763557be0be3183d2b30594db1e5ab53eaf7ec9a64e7dc64199603017035379ea5b034b6a47

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      cfe4fd52acd06847aa758fde740e5297

      SHA1

      f84510d75ea153c238e83c0706b26e27f6cd3951

      SHA256

      9323b88ca06a12699559c3dbdcc34601f33327dfe7ab403414d2b01349d69997

      SHA512

      b9bf0d237201f30055cdb3190ef8c763aa44415d6b588e62de18b47fd0a4df25e0055e24ade76fed38d4f1877861336640588f4b18e1f03abc8c86b0b3a40651

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      2ed95e3a95e564e4ea02c121f85aae3f

      SHA1

      e743e44b98dd2752fd2b16a04a5d094dd95ea5fd

      SHA256

      5bb49b95d4990a9ec612654c3d544e03503fbc5057953861ff7fd15e4b089982

      SHA512

      5726909029ea93c57d018927e8f5c2faba43178ec111361a4588fc5c49edd32bb0d860436af1ed7e9e89447651a4b59f781f15eaa796688dfccf2ee01edec6fb

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      2ba2390c3f4b8f56c0feeb26a9edec5c

      SHA1

      6588683ca07e1d708c962bb046113abccd46a0ba

      SHA256

      b1d897be3978d8031621293dc023edd156e9229d728694b26180d68bf8869cea

      SHA512

      9f9a527a2d1e9008f2193a3c0c06df9806bf94a3960cfcfeb633fe3542704a8c1c9ca6ef8e2117e9e9ca19712747530aa24a033a86502deecf8fd50cdba51769

      Download Submit

    • C:\ProgramData\Licenses\04E652468A66B03FB.Lic
      Filesize

      122B

      MD5

      31f78f31c86ebcb5af41577b8ea1494e

      SHA1

      6132fb857fdcbd1cc2a03c1b426e6ce7c9631c96

      SHA256

      fcf3f01652e8cbe194ab8ff090933d11d41c1007a9e0332fbd2f1069552f24c2

      SHA512

      2c504f7244f6dbb0f7077ad603f304e2ec8ebc9ef9011dd267ef3d581e874d38d9c884f36d9afb7888422342fcc77fe8d08319e9f90971fd0c7c6ae44c4d90f3

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      c142bb7380408be4b8d5c1a9fac2a1b2

      SHA1

      aaa0d20555890def2b338102d4df9178b17f66d2

      SHA256

      6a276b36584b9393cb91c434e95190e51f3e0ac62200aaf4424a5f7fe920ac86

      SHA512

      4b502d6a0db9e18b21752258be541e46b6b9f203f48439e381e77703561963dae7dd6d136aceb1a440d440f8585d5caf010d4c748f92f79e218c54e4c21102f1

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      68ea451b3af415424d0ad2fbaa97fb23

      SHA1

      f498b061897055ac435f295e17cd72b502af91dd

      SHA256

      e5f4c9e41e0b15b6d2192e9f6354e1f1b55711abfde7db2c068f0afceb3532d9

      SHA512

      2cb2e494e0f4f1a48cbd9d2d2265ca1519a5ebafc63f60b1e42bb100bcdb62fd24a1a4cd3866f35fa3150052cf3cfe737fa44b1848d9b9a3bc80abcdfca8ea1c

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      1bcf33bba4ae1a5cd37ddc2b8e15bbe1

      SHA1

      56893be1de138f6fedbaa54de8d078ccf6d8a3af

      SHA256

      03c240b762e608a1fed65e7e70b616fb9656ed24d621d9cd13faa263ed7c2a71

      SHA512

      236e438bb25f09fe575b4ccc474d9736f9aeb10738bd20c16412304c12b570d47c4b43e9e2a6d9e01e0882a588aab6a5493019dc1e40f74ab03a044eca190e88

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      1877b0b4c06c6ca44a7cf44743d24ee7

      SHA1

      5e08a47928978b01552147e6b4332995a70144db

      SHA256

      42b4d3742871308b977e688a4f3575530ffb42a1b904365b1033e7ab61f26cb5

      SHA512

      c8dce6311f32709a928b358bbc7270668c243e861d6a25cd1a5478727068cbea1cd56e6bfdbeb62f73629b7fc9eaf31a59353e1162d6c1c40900aab46b9e516c

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      7ed8262b3a99ef8012fbaa6f3b4ccdb5

      SHA1

      5bf7162e491d9c646185aac0521255256acfd28a

      SHA256

      3e3ab7c8d3f75ebdcc48cbd31abca67f7f4e12c7fb1cdf9e43ffa49ef639e235

      SHA512

      a94be0adb4164df30d84d66d7a5b34ff1f4707212b3baa216675bfb5a56ad0f3c346f31d1c2f5a39fe90ca128faf6c9d4efc22083b079a418d429051de2e73a5

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      68612ae414eb20d167a5b5b8069172e6

      SHA1

      97be5f92ef4523b44144cba5edbc989ca1e0079d

      SHA256

      5a3fc0f76972a7875d9453de0d47d1042566863f2091924ae8b87a48fa0ec358

      SHA512

      776995a82ea5c52ad4b6429c7f5bb305ce24be3fea7f3d0aa1e8982fdaa20b549e958bb62b7bbdee16acf6e247211e0c928e7db877ec67fd3f38cad9d3139c70

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      2eb1bc5bcd999f6e2ebf2da195335bfb

      SHA1

      db0e5d3cd0ac8e1afce4813d99e0eb777c715f48

      SHA256

      b00fa77f38b54df24cf34f20e0c4d78ebbbea73db6f1d423bb14e3fb18641ff9

      SHA512

      498e93418cf92a82c85baab722bffe5b238b096e9e6f1f48b4d9542f800a7510b1989bc33d5c5242f2cb20f335fd5d07a2c4db866823f627a9a484452105de82

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      e61b409556f3be1e9abd94e37309bb9c

      SHA1

      43bbe0d25677e13a8bd5ab9af03fe07ccb15496d

      SHA256

      a4e013c7f0809d43400aaccd02f229f5c2e769b3c64ccf46de34346ad229bfd9

      SHA512

      e661c86a415ce9b23b428b624d4a4227eee8e49d48988aac233beda88e9b92f89d8a0fee067bb9fe8edad4bca1b555bf9e7e81566b068b69cc4b09f019b51823

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      99c397bed6af92206e0621c073a3ad72

      SHA1

      c67cbee28b290fb7e855008fbff6059d2eb9b826

      SHA256

      ac712156cfe84de3b75d42c5e98a2995abfe172ebcc8af1c8cf8b4b66562966a

      SHA512

      19aba399e0c0ab4b2af83ffef8c1fe53dd1da3a94cd9b9b28067a359f8fd5698447b9786e863f2ff0c247a160ff64d4fb76e17f63df4171046769d901a1e8708

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      3dd2e1f07baf50b0bb0181eb98a99d86

      SHA1

      4eeb8a53dc825325d7d87477849a4f6131c49e24

      SHA256

      db187b80a4621b43d2b118e3ed8efd11ca960db1318ddfbb58e9d4c2f6f7d804

      SHA512

      f8289029d2e61b8c7378781bd36b4f13e59909379fa1507eb8c1173a507bdf0cd2bf80727e48c8ce1ccfd58f96a988226a23c8673c87e9f19a2526f8ea98ca23

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      c9005c90e0c4a61f83269c438bab4606

      SHA1

      98659c898e74c24e18a1a5b81b2c656fe03cfa21

      SHA256

      524ba05e4783e62581e630a6dae2d6a8884912472da9a3b99871b1295797ad74

      SHA512

      d11631a3cb01c7b3c9d7842ec594843db2852eb765e6edf909761c77b2fa689778336ecbe54c4b5f6262f1c80eea0927c10f7e3448d8ecfe81ee1c61f3146313

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      cc3d70592555f61e35e8d763c7b48a87

      SHA1

      9b98163708ff14ee12a0d8ffb4fe296db623cfee

      SHA256

      719e799bc4c8d03da58ac6b8dd3f6ffd7217bfa9007ae3e590db8fae52f83756

      SHA512

      872f5638b72a68023980fcbb2fcebad1877726df5f26c2d0e43770a2b72e72c47ff60c061740d679477f8115ae42527a803d8533e2c9e9dac20dc0221952b26c

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      7dfc3ceaa1ca5ea0380a6a8580a1abd4

      SHA1

      1b0462900eec71f782405abc86fd9f1cf4540d7e

      SHA256

      c3ee307d38ab0f8f73cbd5db24fad399a8a45a2b857ec5065e7f5feaa151d418

      SHA512

      6852a577e993f7a8230d9c6e550383db14fe9959692623aaafd6009b53ba7e28a6a86aea58a9def49323aa9b7a480a161a1de2f38c2c38bc0c7ef2828b2a51c8

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      241ea26623b3510001892b868c43c144

      SHA1

      9df92e38741d43dfc0513670b99a44e425f03613

      SHA256

      a93704f2651e363f6222133c49f8a2e4f26cd94c58fc51aed4cb7e060dd2e70c

      SHA512

      0311696c0c14de5bb5ffff8d30c21ef2dde548c14892d50b4972c1a849542c6e4f65b8e4a9f187b20a2215cff4b04b7d64ec79c5a1aefd103c11d8ab3568d037

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      e682e990f93302aea39fcbf60510a6a5

      SHA1

      11acd6d36e4504adaeb2b25fe3071d9f76ce4bbc

      SHA256

      fe622839c97d5762ba1efedc2b805a1f57777bf6b0a5f9cbbff71bc892e8ae3d

      SHA512

      8d18e1c5b25210c809b01b198e09d4ca4e2682f8c92f334e1d5570060d044953a0810df90f625703758acfb040a43ca665ebdedb45cb5fed024a442e8089e0a8

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      e1db637c35b02c075a79d1b31b7da0a6

      SHA1

      aa699196fa929ec5e81c355b669e3fb0227c46cf

      SHA256

      f1d8ddac2816f37900deda2da682cc5b9f6e4c73b941ecffc9df07f12f591378

      SHA512

      d6ab7a475f384767fadf15946fc3b160737e2e2c613a75ee67691775f4ed38afc26eac48906bd00eccbd7fa79819b3da282a624dab3fafd447e3e8a2f7782078

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      a1e3d65b65f8bf973c45ad4caba968b2

      SHA1

      9729f844ec6142cbc447d4b6a3bc8fc5814a62fb

      SHA256

      b40d0844a3b22a0c87fc312a61f14d7835d036d5917f79006c95a334f914d1fe

      SHA512

      1e52ef2d355c95f1227503e98c1ab90ed4f06db0de641a209ae53f7d578253db4b65e369894622ebe34402cbe445768a56f53122f1602607c6fd10755278bdd9

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      7bdb62ca30ffaa72d7e478244ea516c4

      SHA1

      442c0e0fe0b48f74740071a93fea284721639a6e

      SHA256

      98eb986dece9653bff20caeec99a794b1a751933be19cb16c072b32867a3a4da

      SHA512

      5e8e70465d9e5645439f8a79dd4d20d7b55e67e95bb2da26c63c914e2d9d7348af9f05e6f63b24cd176abe2ec4f5de6f7d1bc9af6333f032eed746c07859c4c7

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      26f55bd59ae7a31ff4e9f3fddadaa44e

      SHA1

      a7c3499dabd6ee7d99e5ec622b26f55425a73de5

      SHA256

      24c9b85ac0698ddfff137bac0c79df421d50bf2162272f9523db7010ecb84f06

      SHA512

      c842b17f10168b0e6ae02a446e8238811cd2cc5e621952b28e44a410a944616f8c9a06f40844b8ac8ec248a39a4e7c5f5977f0ee2b892b94c709d867cf6e77e8

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      ee749cb8187039c45f6caaf7873e50d6

      SHA1

      f3e31457c8906b7193a1a5363ccc37d6a1c8f211

      SHA256

      27a0a4c3b1b1254de2ff4f1244926a8102367f65ad8f2ee6e932846374b40eed

      SHA512

      cbdb8c726114e0666b29585167965ecfae7a9dc48bf25010ba7a7930b505d4f4883fcfedd2b9c375154a675a589ebf2f075a814358602fe6217f06877dc75f40

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      58cca650f576a68269e9a65eeac5bd0e

      SHA1

      6dea9664bb4a55d02f8072f659cbc2955b7b741b

      SHA256

      32ce29b3d25ae575fa563d5a5e191e8134d1bb601b3503c0e403889fbdbe7d57

      SHA512

      cebf63859a520fb5aa37ca3f1953fb25d5accab1d42847fd55c1b4ffc5e95158d2379e0407160dc56886495a20a54d919942301af87c3c7d0a443ad4164069ea

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      cb61432d0f65575db79fa568f0345ec9

      SHA1

      702c537588e5b4eb76152d40d263967ce1889c99

      SHA256

      51dbdfc371b72dee1c59b6e4710fb656fba51963799f4b092dce7d5ae12a551d

      SHA512

      43e818d170254e7ce155376808720e694926dcd2ec20036e5910bf59caea6f6a2cddbd229db48d37765c569f4794d84c018b6c5bbf6d0ae1e2c034644642e7c2

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      9145c75079f9021b1c594a2cbf2fd9c1

      SHA1

      3eade0163d401235fa1f584c1f5cf4b6c8fe08f0

      SHA256

      f1ea4e4c2b066a56b7b33b2b860ef330e760270e5e10aede6276b235e91163db

      SHA512

      0f8892fc5e6dedeb7907c985aaa6aac0893c8cc2761beff50671c6e301701c40ad9c71990f86648802edd0c77b7dc9f3cfdf1b89c72a5f68198d6a06f9b6951d

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      5153831c74f4f34d9be8c11a1e92c02d

      SHA1

      cf307fedbdecc4b445b7f6014b19109e6b77bbe6

      SHA256

      550f25633fdd60adb34839b324878d8744b6dedce7520353535b9da5f4fc9009

      SHA512

      66e1786ac0df876943189d7290eb20f0c58e74c47127d58acba68bbeffe435d2847c6752e435620fba44af7bb18ab9d1e709e19d8124a048ac7ac41896dc1c7d

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      dce818bf5bfdb9c7e95c3a34864a7ed9

      SHA1

      14c8f7d7bf7e87d6a0c8754c75a39ae5c93ffb1a

      SHA256

      01ca24be9263423b9c82e98d3a065ed0792ab9f55ddeb69c425100158c323d53

      SHA512

      0a83cbfb829d0fa94497302bc5d46c1242f07856b42ff01710bdcf30c29e18ed59d6aee41e868da70e94be53437711827f367fbc35616c4f27789f3bf12c9740

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      e6c5fdc4f9417cf47c3995bab203b35b

      SHA1

      1b4a0d76edd67767e94ed626a86fc45f54f87952

      SHA256

      9add064bd5e7d7cdd9493f62577f923ad608d0801fe35b27c57cd0ad7be40265

      SHA512

      b35246e7fe996a62d515b776c42aec3ef760999aa88132a58a7d0e4d3f40eef5c70bffaf6bcef6f867322f88b4bfdb422ec907a6c0dbfb95ea5de8bbe4d2f4b0

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      4e423121866c1f24623d77420bfc2e3e

      SHA1

      134cfb4f22875efbc9f973bd3ca67b358423b3e3

      SHA256

      33def98a6b6a599d8e4220523d05110bd4aa7497d75fc3ca0ff30761004b49eb

      SHA512

      92573cceb2115f04e81584de6c91af90de85b4593037afff7f17ca462203af9dfb87dbb5f950bd1dd904c782836a833fbe7cd027669555128e39f8ef1166e5f7

      Download Submit

    • C:\ProgramData\TEMP:DC58651D
      Filesize

      122B

      MD5

      acf9c27f1317296b92195ca51506f9ff

      SHA1

      a5e02afd81acb4b7a6b7a300b6bf359ad7199d68

      SHA256

      a122b411b5930e76e5610a2211226ce50d53ebea8fd7ff61881daa9789ad707d

      SHA512

      f8e112e9e7b8c62ddeee5c3829aea89f1b47acea4e7aad68728add58640888307f9830debbd43e6d95498b7e031ea42f8ee41fbbc8342fc5f7c90c3d20d93782

      Download Submit

    • C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteFavorites\configuration.xml
      Filesize

      281B

      MD5

      095d116707c05c1451879cf0e4e64eb5

      SHA1

      465ff3aa448414ab276adc71e8f1befea039c426

      SHA256

      4a16fb3e65d55a42b4332f71ca5cdb914ff88b87c0384e50ef850556d2f6ef5b

      SHA512

      f3935b8e6766f9d5cdb1923b573d8fb52b4116fbbb6de7a00567fc13bc890475fa339c19454e25c87e5edbf084fbd2e2b8634b7bc615c8ab67cdff661569ec6d

      Download Submit

    • memory/244-1226-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/244-860-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/464-132-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/464-233-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/520-438-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/520-448-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/844-512-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/844-827-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/844-506-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/844-1057-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/844-361-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/940-622-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/940-504-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1048-653-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1048-615-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-91-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-104-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1132-56-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-62-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1132-90-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-96-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-194-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-95-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-92-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-327-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1132-97-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1148-20-0x00000000028B0000-0x0000000002AB1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1148-13-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-15-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-110-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-46-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-16-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-0-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-8-0x00000000028B0000-0x0000000002AB1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1148-14-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1148-18-0x00000000028B0000-0x0000000002AB1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1148-2-0x00000000028B0000-0x0000000002AB1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/1148-17-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1488-359-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1488-480-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1504-641-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1504-818-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1504-863-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1548-603-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1548-797-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1548-825-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1584-639-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1584-832-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/1584-817-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2156-481-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2156-367-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2448-364-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2448-356-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2560-1227-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2984-1160-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/2984-831-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3144-988-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3144-778-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3404-675-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3404-861-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3440-673-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3440-505-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3440-1011-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3524-220-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3524-366-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3584-284-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3584-460-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3660-1024-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3660-826-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3824-859-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3824-658-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3824-843-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3864-482-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3864-510-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/3864-329-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-41-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4024-37-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-199-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-105-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-29-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4024-23-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4024-39-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-36-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-40-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-38-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4024-45-0x0000000002940000-0x0000000002B41000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4036-471-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4036-651-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4036-621-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-674-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-642-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-1017-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-1037-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-489-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4148-790-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4236-488-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4236-1013-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4356-1049-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4356-798-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4428-225-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4428-116-0x00000000029E0000-0x0000000002BE1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4428-112-0x00000000029E0000-0x0000000002BE1000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4428-232-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4472-654-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4472-840-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-80-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-103-0x0000000002810000-0x0000000002A11000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4484-77-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-79-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-134-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-76-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-81-0x0000000002810000-0x0000000002A11000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4484-78-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4484-54-0x0000000002810000-0x0000000002A11000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4484-50-0x0000000002810000-0x0000000002A11000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/4576-816-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/4576-1005-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/5064-360-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/5064-605-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/5064-213-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/5084-602-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download

    • memory/5084-672-0x0000000000400000-0x00000000006AA000-memory.dmp

      Filesize

      2.7MB

      Download