Malware Analysis Report

2025-01-22 08:29

Sample ID 241026-hg5zjaymgp
Target 2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia
SHA256 2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963
Tags discovery evasion persistence spyware stealer trojan
Score 10/10

Analysis Overview

score
10/10

SHA256

2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963

Threat Level: Known bad

The file 2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia was found to be: Known bad.

Malicious Activity Summary

discovery evasion persistence spyware stealer trojan

UAC bypass

Event Triggered Execution: Image File Execution Options Injection

Drops startup file

Reads user/profile data of web browsers

Checks computer location settings

Adds Run key to start application

Checks whether UAC is enabled

Drops desktop.ini file(s)

Drops autorun.inf file

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

System policy modification

Suspicious use of WriteProcessMemory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 06:43

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 06:43

Reported

2024-10-26 06:46

Platform

win7-20240903-en

Max time kernel

150s

Max time network

128s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Event Triggered Execution: Image File Execution Options Injection

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe\Debugger = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskkill.exe\Debugger = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\cmd.exe\Debugger = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\Debugger = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\msconfig.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Drops startup file

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (str) \REGISTRY\USER\S-1-5-21-4177215427-74451935-3209572229-1000\Software\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y07CWM3B\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WMBPAEF9\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows Mail\Stationery\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\60QKHYE2\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5WY8FHO4\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK4ZQZYF\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XMOOPFZ1\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\Favorites\Links\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Burn\Burn\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OB1FV8\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Y07CWM3B\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\5WY8FHO4\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK4ZQZYF\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\60QKHYE2\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\BAFOJIJD\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Feeds Cache\XMOOPFZ1\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\History\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\09OB1FV8\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created \??\E:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1680 wrote to memory of 2108 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2108 wrote to memory of 1336 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1336 wrote to memory of 1732 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1732 wrote to memory of 2480 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2480 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2724 wrote to memory of 2688 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2688 wrote to memory of 2676 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2676 wrote to memory of 936 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 936 wrote to memory of 2940 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2940 wrote to memory of 316 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 316 wrote to memory of 2444 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2444 wrote to memory of 1676 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1676 wrote to memory of 1436 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1436 wrote to memory of 876 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 876 wrote to memory of 884 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 884 wrote to memory of 1448 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe


Network

N/A

Files

C:\Users\Admin\AppData\Local\Adobe\Color\Profiles\wscRGB.icc.exe

MD5 8b46ce480fc997a4b886b113b77a4610
SHA1 2721e3e2c0ae7055f9b861e76f4d35ecd891c83f
SHA256 2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963
SHA512 980766aed222ee4b3b7dbac4251c1b69f284673b0fe6eaac17a921cc07f42f9bb2cf286ab69dabb3fc9d00f55309a4754972326d006b174bf762741502d5b998

F:\autorun.inf

MD5 cfd81f9112f383bb1f85edf54cd24253
SHA1 e2772f98eba691299ca1e7cc481a2b2537c1284c
SHA256 584bf1382694ef056b857668ab92debb2abf6094ec65d9da10323a638b40cb00
SHA512 abce6bd2b8324f4c0e82c31e567de142897b3f64064cae5b1cb592787d07d297999bca3c173c5250b08718618afd512340c4d6f9cfa968a3d441a6c5b1be5ffb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1.exe

MD5 a3edddc79d9231d1f75aed6e8245f5fa
SHA1 921ba477ac99e2ee53d7be841fda5613381a3284
SHA256 04797f22b825c44ab254227ae3caa20f85a03c9084b1a3a81b7325cc91b0cfb2
SHA512 c4f52d611980335764403234bbc148843a324a74a9f71773f893be76b3729c374f03457e608862f90f5222e75fa2e4b4b57b1d694a86a6ce3b1ec02635129855

Analysis: behavioral2

Detonation Overview

Submitted

2024-10-26 06:43

Reported

2024-10-26 06:46

Platform

win10v2004-20241007-en

Max time kernel

17s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

Signatures

UAC bypass

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WindowsCheck = "C:\\wincheck.exe" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Checks whether UAC is enabled

evasion trojan
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Drops desktop.ini file(s)

Description Indicator Process Target
File opened for modification C:\Users\Admin\3D Objects\desktop.ini C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Drops autorun.inf file

Description Indicator Process Target
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created \??\E:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification F:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created \??\E:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created \??\E:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created D:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File opened for modification C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
File created C:\autorun.inf C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1688 wrote to memory of 1188 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1188 wrote to memory of 2952 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2952 wrote to memory of 64 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 64 wrote to memory of 320 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 320 wrote to memory of 4376 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 4376 wrote to memory of 2724 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 2724 wrote to memory of 5360 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 5360 wrote to memory of 1908 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 1908 wrote to memory of 6920 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 6920 wrote to memory of 6564 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 6564 wrote to memory of 3380 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe
PID 3380 wrote to memory of 5524 N/A C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

System policy modification

evasion
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin = "0" C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe N/A

Processes

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe

"C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe"

C:\Users\Admin\AppData\Local\Temp\2024-10-26_8b46ce480fc997a4b886b113b77a4610_mafia.exe


Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 20.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 200.163.202.172.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 73.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 97.17.167.52.in-addr.arpa udp
US 8.8.8.8:53 58.55.71.13.in-addr.arpa udp
US 8.8.8.8:53 31.243.111.52.in-addr.arpa udp
US 8.8.8.8:53 91.16.208.104.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst.exe

MD5 8b46ce480fc997a4b886b113b77a4610
SHA1 2721e3e2c0ae7055f9b861e76f4d35ecd891c83f
SHA256 2459f186d8ac515480f7e7537a6332339bd5902fe9b1d8744a812e8bee937963
SHA512 980766aed222ee4b3b7dbac4251c1b69f284673b0fe6eaac17a921cc07f42f9bb2cf286ab69dabb3fc9d00f55309a4754972326d006b174bf762741502d5b998

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOCK.exe

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

F:\autorun.inf

MD5 cfd81f9112f383bb1f85edf54cd24253
SHA1 e2772f98eba691299ca1e7cc481a2b2537c1284c
SHA256 584bf1382694ef056b857668ab92debb2abf6094ec65d9da10323a638b40cb00
SHA512 abce6bd2b8324f4c0e82c31e567de142897b3f64064cae5b1cb592787d07d297999bca3c173c5250b08718618afd512340c4d6f9cfa968a3d441a6c5b1be5ffb