Analysis Overview
SHA256
2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963
Threat Level: Known bad
The file 2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia was found to be: Known bad.
Malicious Activity Summary
UAC bypass
Event Triggered Execution: Image File Execution Options Injection
Drops startup file
Reads user/profile data of web browsers
Checks computer location settings
Adds Run key to start application
Checks whether UAC is enabled
Drops desktop.ini file(s)
Drops autorun.inf file
Unsigned PE
System Location Discovery: System Language Discovery
Enumerates physical storage devices
System policy modification
Suspicious use of WriteProcessMemory
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-26 06:43
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 06:43
Reported
2024-10-26 06:46
Platform
win7-20240903-en
Max time kernel
150s
Max time network
128s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Event Triggered Execution: Image File Execution Options Injection
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Drops startup file
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.exe | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Drops desktop.ini file(s)
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y07CWM3B\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMBPAEF9\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\60QKHYE2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5WY8FHO4\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK4ZQZYF\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XMOOPFZ1\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\Favorites\Links\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OB1FV8\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5WY8FHO4\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK4ZQZYF\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\60QKHYE2\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| File opened for modification | C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Drops autorun.inf file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
Network
Files
C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.exe
| MD5 | 8b46ce480fc997a4b886b113b77a4610 |
| SHA1 | 2721e3e2c0ae7055f9b861e76f4d35ecd891c83f |
| SHA256 | 2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963 |
| SHA512 | 980766aed222ee4b3b7dbac4251c1b69f284673b0fe6eaac17a921cc07f42f9bb2cf286ab69dabb3fc9d00f55309a4754972326d006b174bf762741502d5b998 |
F:\autorun.inf
| MD5 | cfd81f9112f383bb1f85edf54cd24253 |
| SHA1 | e2772f98eba691299ca1e7cc481a2b2537c1284c |
| SHA256 | 584bf1382694ef056b857668ab92debb2abf6094ec65d9da10323a638b40cb00 |
| SHA512 | abce6bd2b8324f4c0e82c31e567de142897b3f64064cae5b1cb592787d07d297999bca3c173c5250b08718618afd512340c4d6f9cfa968a3d441a6c5b1be5ffb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1.exe
| MD5 | a3edddc79d9231d1f75aed6e8245f5fa |
| SHA1 | 921ba477ac99e2ee53d7be841fda5613381a3284 |
| SHA256 | 04797f22b825c44ab254227ae3caa20f85a03c9084b1a3a81b7325cc91b0cfb2 |
| SHA512 | c4f52d611980335764403234bbc148843a324a74a9f71773f893be76b3729c374f03457e608862f90f5222e75fa2e4b4b57b1d694a86a6ce3b1ec02635129855 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-10-26 06:43
Reported
2024-10-26 06:46
Platform
win10v2004-20241007-en
Max time kernel
17s
Max time network
152s
Command Line
Signatures
UAC bypass
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Drops desktop.ini file(s)
Drops autorun.inf file
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Suspicious use of WriteProcessMemory
System policy modification
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" | C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe | N/A |
Processes
C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 20.160.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.163.202.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 73.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 58.55.71.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 31.243.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 91.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.exe
| MD5 | 8b46ce480fc997a4b886b113b77a4610 |
| SHA1 | 2721e3e2c0ae7055f9b861e76f4d35ecd891c83f |
| SHA256 | 2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963 |
| SHA512 | 980766aed222ee4b3b7dbac4251c1b69f284673b0fe6eaac17a921cc07f42f9bb2cf286ab69dabb3fc9d00f55309a4754972326d006b174bf762741502d5b998 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCK.exe
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
F:\autorun.inf
| MD5 | cfd81f9112f383bb1f85edf54cd24253 |
| SHA1 | e2772f98eba691299ca1e7cc481a2b2537c1284c |
| SHA256 | 584bf1382694ef056b857668ab92debb2abf6094ec65d9da10323a638b40cb00 |
| SHA512 | abce6bd2b8324f4c0e82c31e567de142897b3f64064cae5b1cb592787d07d297999bca3c173c5250b08718618afd512340c4d6f9cfa968a3d441a6c5b1be5ffb |