Malware Analysis Report

2025-03-15 08:30

Sample ID 250226-pr6gdazmw3
Target 2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia
SHA256 ebd5805bc2c1d4e939431746714b7f93c8615eef523dd0697340e46a1de430d7
Tags
banload discovery downloader dropper trojan
score
10/10

Analysis Overview

score
10/10

SHA256

ebd5805bc2c1d4e939431746714b7f93c8615eef523dd0697340e46a1de430d7

Threat Level: Known bad

The file 2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia was found to be: Known bad.

Malicious Activity Summary

banload discovery downloader dropper trojan

Banload family

Banload

Checks computer location settings

Checks BIOS information in registry

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Unsigned PE

Program crash

NTFS ADS

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Modifies registry class

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-02-26 12:34

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-02-26 12:34

Reported

2025-02-26 12:37

Platform

win7-20241010-en

Max time kernel

150s

Max time network

118s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Modifies registry class

Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\dfohcrahg\ = "cgekCD{pGnktKZMh_BT}" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gMdpir" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu|bOBVTi" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuU\x7f]aYHJixNOs@" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVzliv@lA|EfWXO`FVE~^wR" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYijwLRJMIKG}Mj[eThcWj" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyPvq^SjmJ_]dG@" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\jOHov\ = "ANN|zRz\x7fSmTtEHNSOQoidZUl}K]Rmu" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSy_Rq^Sjm{WEh^@" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gM\\pir" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gLxpir" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mV{hiv@lA|MFVXO`FVE~^wR" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azu[{\\aYHJi|ilk@" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\fPOVz\ = "~lC]fBqrfrd@^V`MuQqcIm\x7fxLL@gWpC" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVxxiv@lA|JrVXO`FVE~^wR" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyXvp^Sjmv`_B``" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYijwLRJMHCG}Mj[eThcWj" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu|bM^VTi" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDXEjwLRJMOkG}Mj[eThcWj" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\ProgramData\TEMP:DC58651D C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2884 wrote to memory of 2740 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2884 wrote to memory of 2052 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2740 wrote to memory of 1788 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2740 wrote to memory of 1424 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1788 wrote to memory of 1244 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2052 wrote to memory of 2056 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1244 wrote to memory of 604 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1424 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2056 wrote to memory of 1624 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2052 wrote to memory of 2572 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2052 wrote to memory of 2512 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 604 wrote to memory of 3028 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Windows\SysWOW64\WerFault.exe
PID 2572 wrote to memory of 2560 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 884 wrote to memory of 2516 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1624 wrote to memory of 2556 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2556 wrote to memory of 1776 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 768

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 712

Network

N/A

Files

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 b22b6f9f73fcfcc4154b063e2f8ce134
SHA1 a08bc7be2bbec4e8c68c34f84c792fbe7164192c
SHA256 d5e1c151d5bc39ce8da1869a1816f1b65df7251ef24df064e5e71550e183e1b1
SHA512 62a12507b871c8c4885f5513f363f28ebb35235ca7ec5d4ed11646286f92ed60ad9e2f1c38887a2d3cf4b433e26659a21ed141a391eeeb5978346eafb05c1585

C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteFavorites\configuration.xml

MD5 095d116707c05c1451879cf0e4e64eb5
SHA1 465ff3aa448414ab276adc71e8f1befea039c426
SHA256 4a16fb3e65d55a42b4332f71ca5cdb914ff88b87c0384e50ef850556d2f6ef5b
SHA512 f3935b8e6766f9d5cdb1923b573d8fb52b4116fbbb6de7a00567fc13bc890475fa339c19454e25c87e5edbf084fbd2e2b8634b7bc615c8ab67cdff661569ec6d

C:\ProgramData\TEMP:DC58651D

MD5 65cbd437a44969e426dd3ad2a67d6c1d
SHA1 89e1beeb4b0b92f1f34a184dc633efa918655f38
SHA256 82f38a115bf094e5cc0bbcea23491edab9d0833aac9b3c5be04ef29cb6cc3a5d
SHA512 51063dd75929afba2bceb025ab2450a4c750a618f2bd2b1401e913f5855a467ef6482da75dd78b6365dfe20604532bc6c5d37c853b9a24fce6588182b8548eb7

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 ad8787d3d613667eec3655997935a810
SHA1 c24b8f601762656038fb14f43b3a76d7b8c8cb07
SHA256 6ed36685500e0db90fd299eb1277bc41961fddbb3032b08d98c1d52ccaceb9b6
SHA512 4ace0a6e53ea5802d7c58fa4d38b75856518c5e5e55d6e298fbe0b78ecc5a47df3929959aad47e8c78614f468a250a06b9139518dd520d507f9d87098c9c7a8a

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 b4c67009506b811e061948e6855e5565
SHA1 393adb3a848fb2f92aa5a1441238d3c3410cf050
SHA256 775f13240008f8091e386611f7ccfd4f9d814ee54574801ee16a24e3b6dce871
SHA512 3b8e5abb5794a3be856d2eb074a91288ad5f743022a043d35c0911186e9c510da1905ef8d77122bb8e47b1c5752326d1f3e1e6da627421493215a409b0e6ad93

C:\ProgramData\TEMP:DC58651D

MD5 64354d956a5e903d63a5774349c4f520
SHA1 9791b43a8fa90471938dbf710f13322bd1844ab0
SHA256 4c7ac97b9374ec7166d221ccfdff09cc979828e0600b930fd61335a4218ace09
SHA512 6561f98953a71ed9ad121b8c5bd382c7f17ab2f258c99db636011a10ec5e51905a907cef3021b78221f477a6dac7bf2ed47d709cf4e1011385c25ee157069e8a

memory/2740-94-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-97-0x0000000002520000-0x0000000002721000-memory.dmp

memory/2740-98-0x0000000002500000-0x0000000002501000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 9d66a73e6c63b3fd83f5b52d0407c687
SHA1 1bcae25440fe28131232b94377e6e8c21fd47e99
SHA256 2cd10161d29b0b7ca28a05b6d0db1ee5ed0037ece029a6e0715a034c0aed8561
SHA512 cbdabfe51cca0a2f6d672e6f10759f991095410f55357ce4799e2d136aab1ff82b4d25f59bb6c6ccd693fd81ad8176834cb2224ad65ab26565a17903888f578c

memory/1424-116-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1424-110-0x00000000025A0000-0x00000000027A1000-memory.dmp

memory/2056-130-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-123-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1244-122-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2740-129-0x0000000006150000-0x00000000063FA000-memory.dmp

memory/2884-105-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1788-115-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\TEMP:DC58651D

MD5 37ccd1f8be000751b661766c827eb02d
SHA1 ec846eb13d6e64a93309406dd2191d1f6c0b082e
SHA256 c09c63703f9a33c635a7f3fa0a7313caddee28fd0cc20fd7fa85f40704cd8c0b
SHA512 737f08a9e2fb45c0c697de82f4fbe6f2227707f97ddffed45f400e65a3a62236461fd68fc431805d4b87c954827489014e7c34c626b4b8c2f31d3ba9c61d3213

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 4e8d524dfa37d77ce286ff5ed1993ae4
SHA1 64867b51d8a751eb9bd06a4f052d12864886c3e1
SHA256 b6a8c3f5af052fb93aa389fc34ea6b0a96d8b26b09e167089338281651825571
SHA512 75347979989b22761cd854cdc4fe35c585411238a318b47c608a67f068540c034eb90d08caabea80e272ce58f8c40afd3822d87a7a175d0705a1b523ccd931e4

C:\ProgramData\TEMP:DC58651D

MD5 882d4fb452dc59d950954e5f1cc74b98
SHA1 5dd1e30795052144fe15f959ec71e4188e7cfce2
SHA256 670bb22d78000ebf3678e3a9b4b5bb10603e88c0b4e4ec3dd96bb04642ea5422
SHA512 9c09d6b5f960e51ea2c33f389ebeb4fe2f2bb26bfed6c371df2b62061d2952b88cade86a9bc5e47d9654e5931544757cd1bb8bdb0b6e28a3486cade8b1f6cf4d

memory/2056-191-0x00000000061B0000-0x000000000645A000-memory.dmp

memory/1244-192-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-194-0x0000000006190000-0x000000000643A000-memory.dmp

memory/884-193-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 d7d157b12124af1be9faea474c74c970
SHA1 0151787733879d84ea16b9e7c169b91ef6992f6c
SHA256 16a3ebb5da6a34db67eb656cf2adcee88778349df2882e8a053a6038fce46ce3
SHA512 219679ba1c1ec6b549a095f57a41ddea68c0010d215db6119e72fe3d645628cbbcacc09f0404443e34c5adffd9e76c0e41382806a13ceadad4412b33a1c89e85

C:\ProgramData\TEMP:DC58651D

MD5 3b9006695b3ac977ac499bb01d6ead5d
SHA1 faa5ad9c4ae38f9922c761bbc19e16fbf390b2b9
SHA256 f2bfe09573a0c263ea0e25a6b466833a034e398769192a993f4a33e8aaf2b22f
SHA512 62dd92dc30ef918e9679ca4401c3456cc945761837630dbab03477318a12bc41bc7bd7ffc552349609462a7eecb7de07545988ef30d57df9b4cc9a9d0e8559c5

memory/1424-196-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-195-0x0000000006090000-0x000000000633A000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 4bf57039d3ea668847b6d8c7189a77d1
SHA1 86ed07fca892a93c6a759c067082553e22290c49
SHA256 fc9b85f396d0e100a0dd87998350328d179bd3b4767073901edcfc261a988361
SHA512 3b88eab0aa9e4f5894462b12c0314b78584ce46f7e40f04767a8a5ab4d0c99fff306cd6b8f043bfc56290eb0f46169de8551f542dbd29de80a74e467c60338e2

C:\ProgramData\TEMP:DC58651D

MD5 a3ae759bd8d0d97116c7f30cc87922f3
SHA1 949326358a26da641e122dc4eb87d9fd58eb4954
SHA256 2c3b595e44188b3e064ac371656ba722edff467e7362629c48e8c6b760dd6f19
SHA512 0f0ead53d64d9cefa06b024cb12ea9b3667276976595e7ac33e7a6c28c1012e6ae4b2c1ceb3507ca2fbee1a4f248b156d401e29811ad36da49070e96e78e3f25

memory/1424-207-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2740-218-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 66fd3f0f8c8509647bfdfb35450abc2d
SHA1 3be54dae88c7b0aec2dfa6ae64ce10addf0682ba
SHA256 bb920a737cfd361110f29330134986a9a14af1e48b79ec177745eb08c13e857e
SHA512 1c6cf639af5cfbb0d6cd863b52c78067e577cb0916a8c86c85b09738cdd6b9897a9c133f0c0364301f7f33d2f375e0589367f406c71a832199540fea04c0402c

C:\ProgramData\TEMP:DC58651D

MD5 d9621157bde5ba448f08ab8e30fb7acd
SHA1 c1301b0017b66b10de833dd67a275aa16bed142e
SHA256 45013bb8c9263340775d3257ace2e91aa8053fc9fcef86b0b603a3acdd3cf5c3
SHA512 637d0149c3015b55026760295f25f57fec7ac7de075f638b572f4c91d3da0c9b2e9f880fee95184f7a5d05d1b76a6d1d0aa8ca1793352942e7b9613bc7f59556

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 5caa08ee5ab52979b1d5982161c11c41
SHA1 654e90dbd970a3bf83fa5f12640ff817dea6fef2
SHA256 b2d9fe57444dcc9cc6f5ea444d1419a22af3852d8740a9600519b96884a1a1f7
SHA512 040ac90edade1e3002687ae028981db13bbaf7888c997e9429c4aa65baaa14d5595ae9f81b3e25a1681abe3d40ca1528deb8f5b3e457e94aab53c67a300f22d6

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 11eced318a7b57fc1fa57c86ddcd1944
SHA1 d3dea0625820be7eee8cde5d2894abdabe5e261f
SHA256 42ccdd7f6d7959e4b8726f32d6d1f69dbf9fd72a31466156d8c285ceee7c0205
SHA512 7c5e9c1b062220491cfcd48134aa27973ddf5b15eb04232bd4708795965639c2a10a285dc6b534adb8c8f033f4c81c6ed2753706de3b01df894cb2a7b3586433

C:\ProgramData\TEMP:DC58651D

MD5 60c0c952ccca30560ac2ef52afa2e0ab
SHA1 023318812af5be5d96ba7f6554421ef1082eeec6
SHA256 49aa9404a7ed313ca2d0bf0636464bd4be865ebbc3e353e2103357a19624e7bd
SHA512 b9c8170fcc45676105e6ea6972c5697ae279e12d4e826440ad832ca521bdc8fef0b778c206acd2a080ab1edf489cdb0e6dfd2ecf17cfafbd3a036f3b59c35927

C:\ProgramData\TEMP:DC58651D

MD5 f6f199bede47b76364d8e1db1597683d
SHA1 ec0e698bc23139273fd29d1a83af14b417ae86d0
SHA256 1baa2509dce2d22a6ebde928f757b366906bd231e66de74de0b4e3869067fb17
SHA512 c440ec4810bf84712a2a59b2f75de0add273560133f51a2d85f362a96a26cfd55eaca5b856af3dde602bb25a925ed05caeafb377aafe49ef3e57d071515cf553

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 964ce9dc05b68400b7f3371f81f963ea
SHA1 ff1d0325e96573a77a47a556d3bea3b90c5a5e32
SHA256 a43f76dcccd22d9407c564743b00df10048e2b7223161d5d2f2638a08d531927
SHA512 e646e1d591c9cf7e893d6b0e4dfe3bae1729b20dc69bf677698607e3ecbb79aa61f9c1a4a858fac7f93130a60effceb266ce1540f528856382b25cc32f7c2525

C:\ProgramData\TEMP:DC58651D

MD5 3220408ea1be45f1fa85fb55dac210d4
SHA1 e1bfcda98f823884d1e64e3ad6a05f30e124a458
SHA256 2d7c19fb518b3c7dd9de04aefe6ee32c0b96d4c76cded39ac64a5caee8a084d6
SHA512 8c72ee42b284b73e0875bfd09f1572a8214e35329530fd0dff84f0bca97893fbd4d6c4add128a813ac72f65e8632a8f86c432952e1ef46bbfbe8be635ffd0af6

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 182b498a82e3483cc3771d277e59711e
SHA1 00824cd0e5f1f7edd10a9756652344dd87fec684
SHA256 f28009214de7b9963a727b4bb66488a6903bf765682e7cbe1f6cf931324ce144
SHA512 7d7d2e0f49fcf305cebddc2843533dc0ffe1fe96919303b10a3458a80e4993c4b334d51b488870b6cd4bb81ec14ae4142f667df6be11b4497d289a89eaf3b38e

C:\ProgramData\TEMP:DC58651D

MD5 dd06518dfd7464e5dde208bb24c4f200
SHA1 fd18a30d56a2051e1ac58caa921abd06cceda286
SHA256 0c5eba1d508ff5625e9cb726e82acba3f610d161d75bb4afd3f21c560947c56e
SHA512 3e1640a65197b0c6af83159dba7b914aeddfe63106b34699ba5473bc2b4d6862ee4f9a5175ba1ca0396d5d6b599a2804b09aa79976af3437a57acf8a6ed311c2

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 de228856e5fa0d538586faaea93096a2
SHA1 3d7fa62c0478864a1c2fbd28b42f9a4f2bf31601
SHA256 7889ab6ec340021dfb45e45f3fbea26312cd3b3831f57e9a61ecec33c6a4906a
SHA512 5fe29d314f39dffd65cedd4f517f24d76f742b2ce2acd191602435a5fa39c0e338f6645069d108f53faa00d5665335508cd742495f15715bc5032dc31fe418dc

C:\ProgramData\TEMP:DC58651D

MD5 0588d2cba3b21790929649dbd0a0d765
SHA1 18d678b9a758f4f0957308807a7685639d72bef0
SHA256 8397b2cd01278ce6ceb48eae9b9692f9991be4a78956ee4116fbd346629f82dd
SHA512 c60c1b693d78d38f2fb0f2c272025cc38839662605e93ada9cf01604d8edbb9bcedacc2f57e49bb28da3aca98e65e8ad9bf3e9d78cd3bb0766690994acf4e150

memory/2056-298-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2572-303-0x0000000004DA0000-0x000000000504A000-memory.dmp

memory/1624-307-0x0000000005F50000-0x00000000061FA000-memory.dmp

memory/604-309-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-308-0x0000000006190000-0x000000000643A000-memory.dmp

memory/1624-306-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/884-305-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2056-304-0x00000000061B0000-0x000000000645A000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 f83fab53c9e76d69bbf139a0092d764d
SHA1 8ab382996d2209bbc556bd3a26892332d58ee237
SHA256 76b3abba518c4d2ebade1fc13ae91b710cd5e28eb68e0fb50d812264972b00f2
SHA512 c39e3933a74c0a13c2f0899dd16aeda569871b86d35dedaed71a806dc0ad9157782939efe894cd2702c1ceb3d589a7f09e781991460adf96ee77f9fa7b779e84

C:\ProgramData\TEMP:DC58651D

MD5 b090551d9dae4a8070045721b9a616e6
SHA1 4e09ff80aef5f7dc036fa76dab7ae6fac6c36b75
SHA256 1bd4b5d370205d16c5f7571830d4b51948d23970120c39b7836b28eb0736624c
SHA512 b6bf43cae2c01f8b6178d4c82b3b6227229d16b8403549b279560c5ebb3e3c05c3f6c6641625b0808e2f6577744a38564c45a8f762464c572ce252b5f6700eca

memory/2572-333-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2056-345-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/884-343-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 3e7b1356cf8716562791c213ebcfb0d1
SHA1 199874aa0d12c92d5e8edc49cd29a1f87536fa5e
SHA256 fc29e7a2a23bc9bc370f9fd841b125bc9e4a2bb84deb3e1faac9524c2ff0b048
SHA512 86f604e916dfd2e8d8106f862cbfb2c8d536a04f2988bb81c11c887b90768060bd4f400cb4f35c140baf6dc84cc351ea9b77535d4740b58d4a1809ce1cbe4d17

C:\ProgramData\TEMP:DC58651D

MD5 3cb0b10eaacd9b270feac1d51ab82fe7
SHA1 72374f30c3f97071c066955dd7c8f02817527042
SHA256 100aaa289c7d9c7548234f4d13bcd28881678eb1ce285680d0a66e6fee0267e9
SHA512 c724ec1aed3a0122835a8f4d8c0e711ec005d6fa542da4111117fac47745fac87600d4a7918260afdace1ac12bbbcd65423de14db7074233fb323b773bb4e72f

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 58856216cca2193ca5aec30435809b7c
SHA1 4a1826854c826a5dc055ffc0245b2c7a55c3c005
SHA256 1bc1d98c7fd94143100037b04b694b751c0c143c1777fa4719631094db472766
SHA512 a68cd763db7452eee6453e0edfa7ad98f27eb8efb7094dae285cd7056aa264027a3fc8bbc7c3946645e7b578a6f57579673ffd7912f7012c8f2027793f28b64a

C:\ProgramData\TEMP:DC58651D

MD5 cf3a7c33c4e2962969cd977efd119486
SHA1 f45ba3e2886c37396c9470ba36aae5f280bbff5b
SHA256 5c178ad517c2d484c8ea5d30cd2cd44e1537969abb5728df511f206986b6d74d
SHA512 1dae91ad4cc47f755ac23b328a19823a00403eef660d64553b7a049cacfb0ed00ff6dc2a02cb97249a2cdf23bd29cbdf607c699cd15abc2d34ed663c320b0239

memory/2512-428-0x0000000004CC0000-0x0000000004F6A000-memory.dmp

memory/2052-421-0x0000000006190000-0x000000000643A000-memory.dmp

memory/2560-422-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1624-430-0x0000000006570000-0x000000000681A000-memory.dmp

memory/2324-429-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2512-441-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2516-451-0x00000000061B0000-0x000000000645A000-memory.dmp

C:\ProgramData\TEMP:DC58651D

MD5 9653a462ec0c903982b4900dcba55323
SHA1 c3fd634aebd4f7382b64842fdc8d74a3f528c6d7
SHA256 cecbf26d8fdccb78f8b35ef5317bdfd0ec6b71ff906a92205812b4d08d325fa6
SHA512 2d9971e1e7cdfd8e6d496576e1c88fa50df3773af465887266bdbeb8de248eaba32af8eeb22bf5912ae6d01f1c493348f5cc7bd1c1f1a886adb3f4f2cf184c75

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 b5141bf95639220334c944c289b4e2ee
SHA1 09d8515b002d168168f84e4d23ac432bdbf155f1
SHA256 5eba6853a61284baf9bdd2430ca7c8b3543becb70ed54fdb4008625c20677525
SHA512 705ac3731ae13ac4e1540b9e8e928269adb2cf5776de84a770e97215c72162661ef0ce5ce86a18f50e2caac6df4694593109a32a0cf49538eb17e8228f9cbadc

memory/2792-453-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2512-452-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1624-447-0x0000000005F50000-0x00000000061FA000-memory.dmp

memory/2516-463-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2560-465-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2556-462-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2052-480-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 fa43ecaf89df0f13ebb453945ff3049b
SHA1 fd7bc32223f95efae4ec0c88ba9d8277a00d98be
SHA256 43116fce0e51807beb5dae33c95308e80967d13443b3fee0f59fbda0e868ccce
SHA512 747d859b99377d060c8f773318931de6282f105f201826aebaff5a349bfbe2b36bd39298b1944e2c56756b52bbddc51d2f5b7d2f670fa9ccc2ef03cf008c3ed3

C:\ProgramData\TEMP:DC58651D

MD5 b5152c4b0084984e7f41e1136822b90c
SHA1 6b05d313dd47e87bc8f1164998c71600b22f6439
SHA256 af7d7933fc721c1382c23bed22ac7f9277a9a5ca4fb17f863ae2f7847cfc4e97
SHA512 369e10acce151159d722835ed12a863989fbe3274dbec71b782d16a546ba4a9b157f67c20ba5e83d3ee0a5a0c997d897a55774ddbbdc304a2d40d70bb43a9ac3

memory/1624-570-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2324-586-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2792-574-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\TEMP:DC58651D

MD5 abb53d15d785c18a87dd2fef47f14dd0
SHA1 95f8c1ef1344451a5238ddb2e2d9a6f90598dc4a
SHA256 e30b2366ac0e01e9e874f49d0964d042b88441a38d3a9b8ece043c587014d6e2
SHA512 d4d8fef5968dc2c53c63fb0b5b926317b743cacf531e29a961403e02e778735bd8bec0762e2ca14f6724248cf72a92268c36f459c8a4c32365f6541e31072399

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 75361a93e39f40a1c3cf8d6c585380e8
SHA1 b72276b0ec5a74bd7498f192ec1acad685456e6f
SHA256 5fb173b3cfe25bee383d09afc342d6645d124b4317fbf6699ec0964e50246f0a
SHA512 6c7a26bad4a5da75c34d7bdd8bfc2760428201f13b130f00066047ed95de85762a7c96f9e637df5012f13ceedcd86c480fe4c2d8270f205061be320e1cb13674

memory/1284-587-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/604-591-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 ee67c959a3994116da09913777eefe7b
SHA1 526a8f4f25c0878e609816d922ac7c8e9f1d385e
SHA256 875ed15b8edb59753ab8f161d6c8987d63570302753de5b749c70c85822be6bd
SHA512 5eff7c9edcb28dbf176d8fcf848d232a1cb04f50de9575cc1ad455e97b2ba90fc624c0e4c811698be3688550a9ce8a4572dd15376fe3f31974af1413e509f680

C:\ProgramData\TEMP:DC58651D

MD5 9eb23c49f618712bc541e86b52198c7e
SHA1 e6055ef040e53d0489a81a17ce7cf12f3bb7275a
SHA256 b20ddcb2aca04752d7f85a370e512778c691893cfe37cc021c02d4ef2095f6d1
SHA512 664aaa01f29e089334503cd89804424b40322c0f78709ce07665d5ced2d5b60d7d6ee6ba3aa582382f76e308af2218afb0997256ab50a9ea66daf0cefd04892b

memory/1776-662-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2516-664-0x00000000061B0000-0x000000000645A000-memory.dmp

memory/2516-669-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1776-1030-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 e93f737fc32f9c41a3d88d8843038a99
SHA1 3af0909dd127c1ebbb8c3838baeb22338cff46a5
SHA256 921d6c0f907bba65ec41f94b39d4a8ac159e5adc1919ecdacc2536be62b606e6
SHA512 781f53e12c4610c2bf7a52f32598772efcca05f0d6e023c0b90e346262df4c711c6f5d6558126061d8bd28742f459a370a895a254010e31027f2b0481ec40f2e

C:\ProgramData\TEMP:DC58651D

MD5 bd0b0676c5b710d877133deb0496f4c6
SHA1 b2f2d8a5ec4a87df56fec1868d584aa486682949
SHA256 1bb6ca3ef8beefc3408830450bf0b84357f7349497d02ed2c13bcf066571499e
SHA512 743e5dd46da104db88b599b243689b14c40a15e3d9a258ea6ce80542053ab9e53517d360464ed82fb5bb4e6e588be6da2ac205a4736fa4e69f1d1ff7012a11f2

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 c6f678f4aa3cfa727d21ab2f355bf73e
SHA1 375770a090a2706956adee3a6e4e4b23df65bbea
SHA256 39f554ac1495b81dff43d2c23e54faf543670687c4ddfd4c8f568a45e95b2559
SHA512 d618b5ae0738178e9ed55685889470faac5bf64f14d4452880ea99396d2ce0baf3e4d9127b0603bb327e943c3b085a9a60850fef52392a8ae0a4ccbe380067cf

C:\ProgramData\TEMP:DC58651D

MD5 3fa53a6526d4ad582ceeb8cebf540699
SHA1 e88170aaf3559844b646a486f3958f753c712757
SHA256 5c0890035938f5a9e31386eb68f6a1f71db9e55bb121246ac3e87375de89efaa
SHA512 f8bfcf8ca6c788ee5a3c23746c0826ae909c869c23fb767e38e421299326f87ed4db0fbdd19d11c8aa29f1b9c259538c4a7e8603cdac011802ec5fe36929cb64

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 3330c4a524e67bdc2190819d20dfdcb4
SHA1 af7bce334d6528709d12c6e98d9a6848094dfd73
SHA256 1eb1857c7cc314cff4587f124ac8896a830940d71ed7290d351d9e050c5732a4
SHA512 bbe6745de5658c59391d31068832e2ce1cd9ac5b61e80406ef03cb3930b7e7c06b651abe13afdba858a3c1b9554d32bb3d7bcb052e6bc61712f89e0c17994868

C:\ProgramData\TEMP:DC58651D

MD5 9c37ffbacab245f6399756e6254fd803
SHA1 0cd74679180a5ade996d2bca8bde8ed1190b4c0f
SHA256 71db648629651b5b796f46a9a38f7374e647c4997c749b96cfdbe1b941527539
SHA512 f2b78cad79492f7e33fc3ab67549aa0771288bdc2fb5b030aff449ada5ba76be5c7b10b502da793da68276eea583a6d5a325b7e8cea6b7b390dfaeac94f8c3f8

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 d049eaa75873e05c23ee959fda8b2fb6
SHA1 9afcb6e2de6c61f1715f81621cb49f2b4a86c1bc
SHA256 43387f4e3f785b6452305d8a4b85ebe5d55bbf35a84c6a32b22df35b32aa5200
SHA512 fa8982281b42a6f13beda45446044100e0b40a232014cc6bbc4239e2e5c7801f9076f2254cd4c63e551cc0c8d85553fd1ac08cd901a630433d76ab34b241aacf

C:\ProgramData\TEMP:DC58651D

MD5 e4a18f3700fcc75d6aadc686cf42c277
SHA1 bc5accf58627f4a3e153a423a2346158a2b10d94
SHA256 c78826e6203ab0101107d5451257b8c18d9976704025d466f252f77b553c7858
SHA512 e465c6061cd0c72ff8834a77615e9ac6d3f5b3b81c23400bdb3a49666538493139121be75a8e9dc060be2245ea3dd93a89d03babbfe558dfaf9a80bb5e3e78a0

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 77cbd1b3a5b16079bebc849f0d66923b
SHA1 b095807cfba5d21548945d3ab392d6a8f4a4c3a8
SHA256 8fecf37cdba9444c4b1344d9ae232d20ec383ac4eb566ea59d33b260469b11f5
SHA512 a7167967774cbbc3745be4b788b581caa246ea1a6d2faa1948abc1b958f9f8310f1a4e5f10a916e8108bae41989edb2b4dd3111775be97fed595fd775fd8dcf8

C:\ProgramData\TEMP:DC58651D

MD5 5be78c3edd916c5fbdcd4f9171ffb0e6
SHA1 0845a5bc955ca1851dfb6f8cffd08d612a657cc6
SHA256 6a0a34de63d18d0a17ab1448a12d358f40630bc4560640a4c0c39616efcae162
SHA512 a8b73ab7478849cd439faa2b60763d5b3f722ed6befc509e99de382d5f5dd8db564c797606f90447423fab4bf67beed30697968c3535d29da9a1cc55caeee937

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 a50e27520ea8512a911ab396ec4a0665
SHA1 f89e4adf75f5ca5a246a1e02b6b6427a19421699
SHA256 0cfdeba098bd96d7aa2027203ef66c832da04bc1e099c5111a67ca767aa42ccf
SHA512 0207c83f4a6b7d9b27c4d0d98c3588e139ccf6b6efb0428211ee105b84fd534c7758642d563e2b22864ecf8fd24c50f377093851689a62a846bc7a49a31f8c61

C:\ProgramData\TEMP:DC58651D

MD5 7b12ca486d0878c22737a7636a26be65
SHA1 fac0c33f33b6e1b5bbcf0d7f4bc9580018a9b673
SHA256 7b1deb1b6cf874270fa0249e21049995f68eca4af1f8d1fe67a9fe85a12ea967
SHA512 fc8294fabec32341de4d589d35fb8f096c2de289aa4af85328a8505065ff280765e775422e2d61fb44a1dae4fccaf281e289849d30d274719ef7c5bb669cdd98

Analysis: behavioral2

Detonation Overview

Submitted

2025-02-26 12:34

Reported

2025-02-26 12:37

Platform

win10v2004-20250217-en

Max time kernel

149s

Max time network

144s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"

Signatures

Banload

trojan dropper downloader banload

Banload family

banload

Checks BIOS information in registry

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "_kTNxmPoV\x7fAfLHtFB\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Tnfo\ = "{BL`cltb_laC}YiTqrzTwaX[}wUyn" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fKn" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsG" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "okTNxmPif\x7fAfLHtKr\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "SgIFv\\rljoY" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "TKZMg`[g~{f" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "dKZMgcluMms" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\EsqYe\ = "Pnjn|BmDFwcxy{stAbZ@MagiT" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsX" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dszjFsBex\ = "^QhJc}STTZWBjFwtN\x7fy}}M@E^Pb" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "cgIFv\\C}p~T" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dszjFsBex\ = "^QhJc}STTZWBjFwtN\x7fy}}M@E^Pb" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\kryvLgi\ = "cp`IJxezJgUuO\x7fMZweJH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "zUgw@VInjM`cOjRai{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "TKZMg`sNwdT" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fK]" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Tnfo\ = "{BL`cltb_laC}YiTqrzTwaX[}wUyn" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsF" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fKm" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\EsqYe\ = "NSOQoidZUl}K]U}TDQ~\\`IPgN" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "jUgw@VIjzM`cOjRMY{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\EsqYe\ = "NSOQoidZUl}K]U}TDQ~\\`IPgO" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "ZUgw@VIjJM`cOjRvi{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsb" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "SgIFv]rtXnK" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "DKZMg`_Dr@P" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "CgIFv^qZ{QK" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "okTNxmPnf\x7fAfLHtLb\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "tKZMg`SD`Q~" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fKO" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "CgIFv\\`hj~Y" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\EsqYe\ = "Pnjn|BmDFwcxy{stAbZ@MagiU" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "jUgw@VIhzM`cOjRQi{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "cgIFv_rEgTI" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsK" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "JUgw@VIjZM`cOjRvi{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTs`" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "CgIFv^_r}OD" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dszjFsBex\ = "Tglvmm]EUcrfPmNN|zRz\x7fSmTtEH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\woMDgamwxlx\ = "CgIFv\\m[zuv" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\EsqYe\ = "Pnjn|BmDFwcxy{stAbZ@MagiR" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsK" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "jUgw@VIkzM`cOjRDi{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\kryvLgi\ = "cp`IJxezJgUuO\x7fMZweJH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "\x7fkTNxmPiv\x7fAfLHtKr\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\woMDgamwxlx\ = "DKZMgakD@xn" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fKt" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "jUgw@VIozM`cOjRai{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\kryvLgi\ = "c~^DocBBypvCCywdguKH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\gkcjmkuDCliyr\ = "zUgw@VIkjM`cOjRDi{pWxPmv@l_}A" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dnvp\ = "bRXO`YWGzZwRW\x7fjOp`apTsW" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\dszjFsBex\ = "^QhJc}STTZWBjFwtN\x7fy}}M@E^Pb" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\kryvLgi\ = "cp`IJxezJgUuO\x7fMZweJH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\EsqYe\ = "Pnjn|BmDFwcxy{stAbZ@MagiW" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\EsqYe\ = "Pnjn|BmDFwcxy{stAbZ@MagiU" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\Tnfo\ = "{BL`cltb_laC}YiTqrzTwaX[}wUyn" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "okTNxmPjf\x7fAfLHtir\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dszjFsBex\ = "Tglvmm]EUcrfPmNN|zRz\x7fSmTtEH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\EsqYe\ = "NSOQoidZUl}K]U}TDQ~\\`IPgO" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\dnvp\ = "GB}MjDdVlgWjcGddwEcO\x7fKH" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\EsqYe\ = "NSOQoidZUl}K]U}TDQ~\\`IPgI" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-1874072718-2205492803-118941907-1000_Classes\{DC58651D-B945-13D1-B2E4-0060975B8649}\gkcjmkuDCliyr\ = "\x7fkTNxmPov\x7fAfLHt]b\x7fHE[UnwLRTLL" C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

NTFS ADS

Description Indicator Process Target
File opened for modification C:\ProgramData\TEMP:DC58651D C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
File created C:\ProgramData\TEMP:DC58651D C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: 33 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1148 wrote to memory of 4024 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1148 wrote to memory of 4484 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4024 wrote to memory of 1132 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4024 wrote to memory of 4428 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4484 wrote to memory of 3584 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1132 wrote to memory of 464 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1132 wrote to memory of 2448 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 3584 wrote to memory of 5064 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 464 wrote to memory of 3524 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4428 wrote to memory of 520 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 3584 wrote to memory of 3864 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 5064 wrote to memory of 4236 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 3524 wrote to memory of 1488 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2448 wrote to memory of 844 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 520 wrote to memory of 2156 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 5064 wrote to memory of 5084 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 1488 wrote to memory of 4036 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 2156 wrote to memory of 1048 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 3864 wrote to memory of 4148 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4236 wrote to memory of 940 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 844 wrote to memory of 3440 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
PID 4236 wrote to memory of 1548 N/A C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Processes

C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -pss -s 416 -p 4580 -ip 4580

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 1400

Network

Country Destination Domain Proto
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.28.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 tse1.mm.bing.net udp
US 150.171.27.10:443 tse1.mm.bing.net tcp
US 8.8.8.8:53 www.microsoft.com udp
GB 92.123.241.137:80 www.microsoft.com tcp

Files

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 b104e3ff14c117d724a340081c887e01
SHA1 31385d51f24eed20cfe15db720befb7b7f91d312
SHA256 e710fcb78ad12e56ef5da4fa8037eca714e3292f9e7aca6a4640fad8c5fc71e2
SHA512 602db6c9f8d06bfe8c640d39e247726710828746b0007fc2f5ba7642d680ebc35793eae2a03322017b8bacbb630354992c17900383669bf10113c305dbac2e36

C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteFavorites\configuration.xml

MD5 095d116707c05c1451879cf0e4e64eb5
SHA1 465ff3aa448414ab276adc71e8f1befea039c426
SHA256 4a16fb3e65d55a42b4332f71ca5cdb914ff88b87c0384e50ef850556d2f6ef5b
SHA512 f3935b8e6766f9d5cdb1923b573d8fb52b4116fbbb6de7a00567fc13bc890475fa339c19454e25c87e5edbf084fbd2e2b8634b7bc615c8ab67cdff661569ec6d

C:\ProgramData\TEMP:DC58651D

MD5 5153831c74f4f34d9be8c11a1e92c02d
SHA1 cf307fedbdecc4b445b7f6014b19109e6b77bbe6
SHA256 550f25633fdd60adb34839b324878d8744b6dedce7520353535b9da5f4fc9009
SHA512 66e1786ac0df876943189d7290eb20f0c58e74c47127d58acba68bbeffe435d2847c6752e435620fba44af7bb18ab9d1e709e19d8124a048ac7ac41896dc1c7d


memory/3404-861-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/1504-863-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/244-860-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/3824-859-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4472-840-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 2ba2390c3f4b8f56c0feeb26a9edec5c
SHA1 6588683ca07e1d708c962bb046113abccd46a0ba
SHA256 b1d897be3978d8031621293dc023edd156e9229d728694b26180d68bf8869cea
SHA512 9f9a527a2d1e9008f2193a3c0c06df9806bf94a3960cfcfeb633fe3542704a8c1c9ca6ef8e2117e9e9ca19712747530aa24a033a86502deecf8fd50cdba51769

C:\ProgramData\TEMP:DC58651D

MD5 acf9c27f1317296b92195ca51506f9ff
SHA1 a5e02afd81acb4b7a6b7a300b6bf359ad7199d68
SHA256 a122b411b5930e76e5610a2211226ce50d53ebea8fd7ff61881daa9789ad707d
SHA512 f8e112e9e7b8c62ddeee5c3829aea89f1b47acea4e7aad68728add58640888307f9830debbd43e6d95498b7e031ea42f8ee41fbbc8342fc5f7c90c3d20d93782

memory/3144-988-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4576-1005-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/3440-1011-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4236-1013-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/3660-1024-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4148-1037-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/844-1057-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4356-1049-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/4148-1017-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2984-1160-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 9afc1b6d60039f4ebfc88c65203d4282
SHA1 f88931286487de2d2c8840da444a68484830f3d8
SHA256 c57da948c10f732da310b0b30890e014c048a91af8297136a05e132a909161cc
SHA512 b5b1ff1b1b1e1e817a82b6ee3daab3cc2313f277656b60a55314d66078ade9af1485fdb13c3a56c78c54d5fddd39de85fcc01ede8b0f8d619b1ef6f9fe08bb51

C:\ProgramData\TEMP:DC58651D

MD5 68ea451b3af415424d0ad2fbaa97fb23
SHA1 f498b061897055ac435f295e17cd72b502af91dd
SHA256 e5f4c9e41e0b15b6d2192e9f6354e1f1b55711abfde7db2c068f0afceb3532d9
SHA512 2cb2e494e0f4f1a48cbd9d2d2265ca1519a5ebafc63f60b1e42bb100bcdb62fd24a1a4cd3866f35fa3150052cf3cfe737fa44b1848d9b9a3bc80abcdfca8ea1c

C:\ProgramData\TEMP:DC58651D

MD5 1bcf33bba4ae1a5cd37ddc2b8e15bbe1
SHA1 56893be1de138f6fedbaa54de8d078ccf6d8a3af
SHA256 03c240b762e608a1fed65e7e70b616fb9656ed24d621d9cd13faa263ed7c2a71
SHA512 236e438bb25f09fe575b4ccc474d9736f9aeb10738bd20c16412304c12b570d47c4b43e9e2a6d9e01e0882a588aab6a5493019dc1e40f74ab03a044eca190e88

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 d664dc2e7089f348c3e773becbb909b6
SHA1 12288f1e02fd42a6fc36c63c3103fb528b6a5e65
SHA256 2e27af92e17fb53ea8f52ed4596d4be9e0a904a291cc044e0562543d98e4a3a9
SHA512 802d8daa2b9efc5379f22962dfa41c58c362056a32f7ed62f8708f11795f3c8309e88016c181a076e729573c35257292e3ea52e4a6dbeb9f3d73701825213d5a

memory/244-1226-0x0000000000400000-0x00000000006AA000-memory.dmp

memory/2560-1227-0x0000000000400000-0x00000000006AA000-memory.dmp

C:\ProgramData\TEMP:DC58651D

MD5 1877b0b4c06c6ca44a7cf44743d24ee7
SHA1 5e08a47928978b01552147e6b4332995a70144db
SHA256 42b4d3742871308b977e688a4f3575530ffb42a1b904365b1033e7ab61f26cb5
SHA512 c8dce6311f32709a928b358bbc7270668c243e861d6a25cd1a5478727068cbea1cd56e6bfdbeb62f73629b7fc9eaf31a59353e1162d6c1c40900aab46b9e516c

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 88944d7da51301e66ded2228583b14e0
SHA1 18e797810694fabfb2684f7d75f54b00bafef93e
SHA256 1898d6c7343347142ba76003fb3af44e1716ffae97088a3af4f516883f73e888
SHA512 ae2b71de355ce8d7fe9aab1b7decdb479840af6b9c97284c7c315217e472707b2bbd9bfd6994bc4573238c486d04f46345e1392fe56e10f41624032b2bd69416

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 d73611ea706c0884656ccd3fb3d8d2b8
SHA1 9f2505da1508d1dd71b220c35825e7d7f6317e3e
SHA256 619c6398a122df5e32946e58bdea983c199fa815cf737c7c5389c387cdde2f1c
SHA512 e1ee7acd7c62ffc83d555fd763214fb9d11aa5b07d629ce4e35e97699f5992d50a563fa433e8ae4f45a6a4d8432f93268bf3e2135055429e89de7f3165369c9f

C:\ProgramData\TEMP:DC58651D

MD5 68612ae414eb20d167a5b5b8069172e6
SHA1 97be5f92ef4523b44144cba5edbc989ca1e0079d
SHA256 5a3fc0f76972a7875d9453de0d47d1042566863f2091924ae8b87a48fa0ec358
SHA512 776995a82ea5c52ad4b6429c7f5bb305ce24be3fea7f3d0aa1e8982fdaa20b549e958bb62b7bbdee16acf6e247211e0c928e7db877ec67fd3f38cad9d3139c70

C:\ProgramData\TEMP:DC58651D

MD5 e61b409556f3be1e9abd94e37309bb9c
SHA1 43bbe0d25677e13a8bd5ab9af03fe07ccb15496d
SHA256 a4e013c7f0809d43400aaccd02f229f5c2e769b3c64ccf46de34346ad229bfd9
SHA512 e661c86a415ce9b23b428b624d4a4227eee8e49d48988aac233beda88e9b92f89d8a0fee067bb9fe8edad4bca1b555bf9e7e81566b068b69cc4b09f019b51823

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 69a4cc428697f7178457d8b91136cdbd
SHA1 f4feff75a0e4443286c97256325ffc7dc6ebc0c0
SHA256 95c41b5faf5ccf1381e701629421d32f58a4a380f6687fc0f84510d4ff8966b2
SHA512 dfb2efdcb9ae722bb9a12c5f84a8475ffd65ede7c9c230946ef82659311115365183feb3c79cc0f0680810349966e564a945adcf99ecabf6d9f45b2c16000387

C:\ProgramData\TEMP:DC58651D

MD5 99c397bed6af92206e0621c073a3ad72
SHA1 c67cbee28b290fb7e855008fbff6059d2eb9b826
SHA256 ac712156cfe84de3b75d42c5e98a2995abfe172ebcc8af1c8cf8b4b66562966a
SHA512 19aba399e0c0ab4b2af83ffef8c1fe53dd1da3a94cd9b9b28067a359f8fd5698447b9786e863f2ff0c247a160ff64d4fb76e17f63df4171046769d901a1e8708

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

MD5 4953db03cf74c2fd333933141e619cfd
SHA1 a549bbffc9342589796d7755b48d681e68108665
SHA256 e89a0f4c606591b3ec74680afba05ddf3a4a4a30e377b77d87e64278d19af561
SHA512 9e36b0a1e0df739f7781fd4f23315e872424e0de92f9b3599a628aa06e16c33beaaa300d929bd8c1c6338635cee34542bca38074ddac81b9c1d381c48d69f937