banload | ebd5805bc2c1d4e939431746714b7f93c8615eef523dd0697340e46a1de430d7

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
26/02/2025, 12:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Size

2.1MB
MD5

4d9cf71bc5b646f2126fd4141962dd9f
SHA1

baf2fe3f0a3edc5793fb3f13478f997ac1bf942f
SHA256

ebd5805bc2c1d4e939431746714b7f93c8615eef523dd0697340e46a1de430d7
SHA512

1d8caa4ece1c3990d1d00723629f0d76837afc75efb5cc22258acae0463a49c8e70ebfc3a1616421e1c5158cf1d0de8f4914321118f76ae15848164d9deccf45
SSDEEP

49152:CMUSWPePiaGrTloaG99GEuBw68B1ECYJgkpgl7:CMaPwiZrW9GEuG68B+5J8

Score

10^/10

banload discovery downloader dropper trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Checks BIOS information in registry 2 TTPs 64 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 3 IoCs

pid	pid_target	Process	procid_target
3028	604	WerFault.exe	38
2564	2748	WerFault.exe	51
2392	536	WerFault.exe	103

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\dfohcrahg\ = "cgekCD{pGnktKZMh_BT}"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\fPOVz\ = "VviYVe`nowMx[\|w}qi{UMQqhB]A^rTy"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bLnVTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gNtpir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDXejwLRJM@cF}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gO`pir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\jOHov\ = "ANN\|zRz\x7fSmTtEHNSOQoidZUl}K]Rmu"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gOHpir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bM^VTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyW~p^SjmpyKjZP"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVxdiv@lA\|KfVXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\jOHov\ = "jwtN\x7fy}}M@E^PbPnjn\|BmDFwcxy\|cU"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyP^p^SjmW[zSK@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azu]{\\aYHJeYXQI`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azu\\W\\aYHJDHsV\|@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bLjVTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyWjq^Sjmlscrb`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bOFVTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gNtpir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\fPOVz\ = "~lC]fBqrfrd@^V`MuQqcIm\x7fxLL@gWpC"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuRw]aYHJAm^JEP"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDZqjwLRJMOcF}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\jOHov\ = "ANN\|zRz\x7fSmTtEHNSOQoidZUl}K]Rmu"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azu^K\\aYHJDZFU{@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuYO\\aYHJZA\x7ffI`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDX]jwLRJMOkG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDX]jwLRJMLkG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuU[]aYHJunF_pP"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\fPOVz\ = "VviYVe`nowMx[\|w}qi{UMQqhB]A^rTy"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyWZp^Sjmv{KwE`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVy@iv@lA\|GrVXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVx@iv@lA\|H~VXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bLfVTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuZO\\aYHJGiqWW`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyUfq^SjmbB\x7fL[p"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\amntb\ = "c~jHaSEfq@rACywffSglA@Ipj\\h`mLh"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYyjwLRJMHoG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyTjp^SjmwBJFuP"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mV{div@lA\|NvVXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDXejwLRJM@cF}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mV{@iv@lA\|BNWXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyYJp^Sjm@pHyB`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyVrq^Sjmvdxax`"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuWO]aYHJAa^RK@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\dfohcrahg\ = "cgekCD{pGnktKZMh_BT}"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gMdpir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bOBVTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azuU\x7f]aYHJixNOs@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVzliv@lA\|EfWXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYijwLRJMIKG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyPvq^SjmJ_]dG@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\jOHov\ = "ANN\|zRz\x7fSmTtEHNSOQoidZUl}K]Rmu"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSy_Rq^Sjm{WEh^@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gM\\pir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\mgkof\ = "AUwCN]dFX]\x7fqOySPKeG]gLxpir"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mV{hiv@lA\|MFVXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\cvfnqzEuBua\ = "azu[{\\aYHJi\|ilk@"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\fPOVz\ = "~lC]fBqrfrd@^V`MuQqcIm\x7fxLL@gWpC"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\hszsjyrXG\ = "{mVxxiv@lA\|JrVXO`FVE~^wR"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\cvfnqzEuBua\ = "rSyXvp^Sjmv`_B``"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYijwLRJMHCG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{54659997-AE7E-9524-DC29-D79920BCD584}\mgkof\ = "DfS_cuSHFhABvAhIHIu\|bM^VTi"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDXEjwLRJMOkG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2039016743-699959520-214465309-1000_CLASSES\{DC58651D-B945-13D1-B2E4-0060975B8649}\hszsjyrXG\ = "\x7fUDYijwLRJMHCG}Mj[eThcWj"	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

NTFS ADS 64 IoCs

description	ioc	Process
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
File opened for modification	C:\ProgramData\TEMP:DC58651D	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2560	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2560	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2516	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2516	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2512	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2512	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1776	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1776	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1284	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1284	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2324	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2324	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2792	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2792	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2748	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2748	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1612	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1612	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1440	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1440	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1540	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1540	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2248	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2248	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	976	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	976	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2532	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2532	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2144	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2144	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2088	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2088	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	2360	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	2360	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	1676	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	1676	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: 33	552	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
Token: SeIncBasePriorityPrivilege	552	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2884 wrote to memory of 2740	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	31
PID 2884 wrote to memory of 2740	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	31
PID 2884 wrote to memory of 2740	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	31
PID 2884 wrote to memory of 2740	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	31
PID 2884 wrote to memory of 2052	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	32
PID 2884 wrote to memory of 2052	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	32
PID 2884 wrote to memory of 2052	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	32
PID 2884 wrote to memory of 2052	2884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	32
PID 2740 wrote to memory of 1788	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	33
PID 2740 wrote to memory of 1788	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	33
PID 2740 wrote to memory of 1788	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	33
PID 2740 wrote to memory of 1788	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	33
PID 2740 wrote to memory of 1424	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	34
PID 2740 wrote to memory of 1424	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	34
PID 2740 wrote to memory of 1424	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	34
PID 2740 wrote to memory of 1424	2740	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	34
PID 1788 wrote to memory of 1244	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	35
PID 1788 wrote to memory of 1244	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	35
PID 1788 wrote to memory of 1244	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	35
PID 1788 wrote to memory of 1244	1788	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	35
PID 2052 wrote to memory of 2056	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	36
PID 2052 wrote to memory of 2056	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	36
PID 2052 wrote to memory of 2056	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	36
PID 2052 wrote to memory of 2056	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	36
PID 1244 wrote to memory of 604	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	38
PID 1244 wrote to memory of 604	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	38
PID 1244 wrote to memory of 604	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	38
PID 1244 wrote to memory of 604	1244	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	38
PID 1424 wrote to memory of 884	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	37
PID 1424 wrote to memory of 884	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	37
PID 1424 wrote to memory of 884	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	37
PID 1424 wrote to memory of 884	1424	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	37
PID 2056 wrote to memory of 1624	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	39
PID 2056 wrote to memory of 1624	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	39
PID 2056 wrote to memory of 1624	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	39
PID 2056 wrote to memory of 1624	2056	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	39
PID 2052 wrote to memory of 2572	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	40
PID 2052 wrote to memory of 2572	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	40
PID 2052 wrote to memory of 2572	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	40
PID 2052 wrote to memory of 2572	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	40
PID 2052 wrote to memory of 2512	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	43
PID 2052 wrote to memory of 2512	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	43
PID 2052 wrote to memory of 2512	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	43
PID 2052 wrote to memory of 2512	2052	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	43
PID 604 wrote to memory of 3028	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	42
PID 604 wrote to memory of 3028	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	42
PID 604 wrote to memory of 3028	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	42
PID 604 wrote to memory of 3028	604	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	42
PID 2572 wrote to memory of 2560	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	44
PID 2572 wrote to memory of 2560	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	44
PID 2572 wrote to memory of 2560	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	44
PID 2572 wrote to memory of 2560	2572	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	44
PID 884 wrote to memory of 2516	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	45
PID 884 wrote to memory of 2516	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	45
PID 884 wrote to memory of 2516	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	45
PID 884 wrote to memory of 2516	884	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	45
PID 1624 wrote to memory of 2556	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	46
PID 1624 wrote to memory of 2556	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	46
PID 1624 wrote to memory of 2556	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	46
PID 1624 wrote to memory of 2556	1624	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	46
PID 2556 wrote to memory of 1776	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	47
PID 2556 wrote to memory of 1776	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	47
PID 2556 wrote to memory of 1776	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	47
PID 2556 wrote to memory of 1776	2556	2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe	47

C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
"C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
1⤵
- Checks BIOS information in registry
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2884
- C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
  2⤵
  - Checks BIOS information in registry
  - System Location Discovery: System Language Discovery
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    3⤵
    - Checks BIOS information in registry
    - System Location Discovery: System Language Discovery
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1788
  - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      4⤵
      Checks BIOS information in registry
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1244
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:604
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 768
        6⤵
        Program crash
        
        PID:3028
- - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    3⤵
    - Checks BIOS information in registry
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1424
  - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      4⤵
      Checks BIOS information in registry
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:884
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2516
      - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        6⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Checks BIOS information in registry
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:552
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        Modifies registry class
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Checks BIOS information in registry
        
        PID:668
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Modifies registry class
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        6⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Modifies registry class
        NTFS ADS
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        NTFS ADS
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Modifies registry class
        NTFS ADS
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Checks BIOS information in registry
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        
        PID:3776
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        
        PID:708
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Modifies registry class
        NTFS ADS
        
        PID:976
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:760
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Modifies registry class
        NTFS ADS
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:764
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        
        PID:3484
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:2608
- C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
  "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2052
- - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    3⤵
    - Checks BIOS information in registry
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2056
  - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1624
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        6⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of AdjustPrivilegeToken
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        14⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:1532
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Checks BIOS information in registry
        Modifies registry class
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        Checks BIOS information in registry
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Modifies registry class
        NTFS ADS
        
        PID:2304
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:868
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Checks BIOS information in registry
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        14⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        System Location Discovery: System Language Discovery
        
        PID:3996
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:3384
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        
        PID:2316
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Checks BIOS information in registry
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        NTFS ADS
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:1112
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:316
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Modifies registry class
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Modifies registry class
        NTFS ADS
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Modifies registry class
        NTFS ADS
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Checks BIOS information in registry
        Modifies registry class
        NTFS ADS
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Checks BIOS information in registry
        Modifies registry class
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Modifies registry class
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        System Location Discovery: System Language Discovery
        
        PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:1284
      - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        Suspicious use of AdjustPrivilegeToken
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        Suspicious use of AdjustPrivilegeToken
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Modifies registry class
        
        PID:264
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        NTFS ADS
        
        PID:536
        
        C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 712
        13⤵
        Program crash
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:1248
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        Checks BIOS information in registry
        
        PID:3648
- - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    3⤵
    - Checks BIOS information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      4⤵
      Checks BIOS information in registry
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      PID:2560
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2748
      - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 768
        6⤵
        Program crash
        
        PID:2564
- - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
      "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
      4⤵
      Checks BIOS information in registry
      System Location Discovery: System Language Discovery
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      PID:2324
    - - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:1540
      - C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        7⤵
        System Location Discovery: System Language Discovery
        NTFS ADS
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        9⤵
        Modifies registry class
        NTFS ADS
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        10⤵
        Checks BIOS information in registry
        NTFS ADS
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        12⤵
        NTFS ADS
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        13⤵
        Modifies registry class
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2025-02-26_4d9cf71bc5b646f2126fd4141962dd9f_mafia.exe"
        11⤵
        Checks BIOS information in registry
        System Location Discovery: System Language Discovery
        Modifies registry class
        NTFS ADS
        
        PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
e93f737fc32f9c41a3d88d8843038a99

SHA1
3af0909dd127c1ebbb8c3838baeb22338cff46a5

SHA256
921d6c0f907bba65ec41f94b39d4a8ac159e5adc1919ecdacc2536be62b606e6

SHA512
781f53e12c4610c2bf7a52f32598772efcca05f0d6e023c0b90e346262df4c711c6f5d6558126061d8bd28742f459a370a895a254010e31027f2b0481ec40f2e

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
9d66a73e6c63b3fd83f5b52d0407c687

SHA1
1bcae25440fe28131232b94377e6e8c21fd47e99

SHA256
2cd10161d29b0b7ca28a05b6d0db1ee5ed0037ece029a6e0715a034c0aed8561

SHA512
cbdabfe51cca0a2f6d672e6f10759f991095410f55357ce4799e2d136aab1ff82b4d25f59bb6c6ccd693fd81ad8176834cb2224ad65ab26565a17903888f578c

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
c6f678f4aa3cfa727d21ab2f355bf73e

SHA1
375770a090a2706956adee3a6e4e4b23df65bbea

SHA256
39f554ac1495b81dff43d2c23e54faf543670687c4ddfd4c8f568a45e95b2559

SHA512
d618b5ae0738178e9ed55685889470faac5bf64f14d4452880ea99396d2ce0baf3e4d9127b0603bb327e943c3b085a9a60850fef52392a8ae0a4ccbe380067cf

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
3330c4a524e67bdc2190819d20dfdcb4

SHA1
af7bce334d6528709d12c6e98d9a6848094dfd73

SHA256
1eb1857c7cc314cff4587f124ac8896a830940d71ed7290d351d9e050c5732a4

SHA512
bbe6745de5658c59391d31068832e2ce1cd9ac5b61e80406ef03cb3930b7e7c06b651abe13afdba858a3c1b9554d32bb3d7bcb052e6bc61712f89e0c17994868

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
d049eaa75873e05c23ee959fda8b2fb6

SHA1
9afcb6e2de6c61f1715f81621cb49f2b4a86c1bc

SHA256
43387f4e3f785b6452305d8a4b85ebe5d55bbf35a84c6a32b22df35b32aa5200

SHA512
fa8982281b42a6f13beda45446044100e0b40a232014cc6bbc4239e2e5c7801f9076f2254cd4c63e551cc0c8d85553fd1ac08cd901a630433d76ab34b241aacf

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
4e8d524dfa37d77ce286ff5ed1993ae4

SHA1
64867b51d8a751eb9bd06a4f052d12864886c3e1

SHA256
b6a8c3f5af052fb93aa389fc34ea6b0a96d8b26b09e167089338281651825571

SHA512
75347979989b22761cd854cdc4fe35c585411238a318b47c608a67f068540c034eb90d08caabea80e272ce58f8c40afd3822d87a7a175d0705a1b523ccd931e4

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
77cbd1b3a5b16079bebc849f0d66923b

SHA1
b095807cfba5d21548945d3ab392d6a8f4a4c3a8

SHA256
8fecf37cdba9444c4b1344d9ae232d20ec383ac4eb566ea59d33b260469b11f5

SHA512
a7167967774cbbc3745be4b788b581caa246ea1a6d2faa1948abc1b958f9f8310f1a4e5f10a916e8108bae41989edb2b4dd3111775be97fed595fd775fd8dcf8

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
d7d157b12124af1be9faea474c74c970

SHA1
0151787733879d84ea16b9e7c169b91ef6992f6c

SHA256
16a3ebb5da6a34db67eb656cf2adcee88778349df2882e8a053a6038fce46ce3

SHA512
219679ba1c1ec6b549a095f57a41ddea68c0010d215db6119e72fe3d645628cbbcacc09f0404443e34c5adffd9e76c0e41382806a13ceadad4412b33a1c89e85

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
a50e27520ea8512a911ab396ec4a0665

SHA1
f89e4adf75f5ca5a246a1e02b6b6427a19421699

SHA256
0cfdeba098bd96d7aa2027203ef66c832da04bc1e099c5111a67ca767aa42ccf

SHA512
0207c83f4a6b7d9b27c4d0d98c3588e139ccf6b6efb0428211ee105b84fd534c7758642d563e2b22864ecf8fd24c50f377093851689a62a846bc7a49a31f8c61

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
4bf57039d3ea668847b6d8c7189a77d1

SHA1
86ed07fca892a93c6a759c067082553e22290c49

SHA256
fc9b85f396d0e100a0dd87998350328d179bd3b4767073901edcfc261a988361

SHA512
3b88eab0aa9e4f5894462b12c0314b78584ce46f7e40f04767a8a5ab4d0c99fff306cd6b8f043bfc56290eb0f46169de8551f542dbd29de80a74e467c60338e2

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
66fd3f0f8c8509647bfdfb35450abc2d

SHA1
3be54dae88c7b0aec2dfa6ae64ce10addf0682ba

SHA256
bb920a737cfd361110f29330134986a9a14af1e48b79ec177745eb08c13e857e

SHA512
1c6cf639af5cfbb0d6cd863b52c78067e577cb0916a8c86c85b09738cdd6b9897a9c133f0c0364301f7f33d2f375e0589367f406c71a832199540fea04c0402c

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
5caa08ee5ab52979b1d5982161c11c41

SHA1
654e90dbd970a3bf83fa5f12640ff817dea6fef2

SHA256
b2d9fe57444dcc9cc6f5ea444d1419a22af3852d8740a9600519b96884a1a1f7

SHA512
040ac90edade1e3002687ae028981db13bbaf7888c997e9429c4aa65baaa14d5595ae9f81b3e25a1681abe3d40ca1528deb8f5b3e457e94aab53c67a300f22d6

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
11eced318a7b57fc1fa57c86ddcd1944

SHA1
d3dea0625820be7eee8cde5d2894abdabe5e261f

SHA256
42ccdd7f6d7959e4b8726f32d6d1f69dbf9fd72a31466156d8c285ceee7c0205

SHA512
7c5e9c1b062220491cfcd48134aa27973ddf5b15eb04232bd4708795965639c2a10a285dc6b534adb8c8f033f4c81c6ed2753706de3b01df894cb2a7b3586433

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
964ce9dc05b68400b7f3371f81f963ea

SHA1
ff1d0325e96573a77a47a556d3bea3b90c5a5e32

SHA256
a43f76dcccd22d9407c564743b00df10048e2b7223161d5d2f2638a08d531927

SHA512
e646e1d591c9cf7e893d6b0e4dfe3bae1729b20dc69bf677698607e3ecbb79aa61f9c1a4a858fac7f93130a60effceb266ce1540f528856382b25cc32f7c2525

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
182b498a82e3483cc3771d277e59711e

SHA1
00824cd0e5f1f7edd10a9756652344dd87fec684

SHA256
f28009214de7b9963a727b4bb66488a6903bf765682e7cbe1f6cf931324ce144

SHA512
7d7d2e0f49fcf305cebddc2843533dc0ffe1fe96919303b10a3458a80e4993c4b334d51b488870b6cd4bb81ec14ae4142f667df6be11b4497d289a89eaf3b38e

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
de228856e5fa0d538586faaea93096a2

SHA1
3d7fa62c0478864a1c2fbd28b42f9a4f2bf31601

SHA256
7889ab6ec340021dfb45e45f3fbea26312cd3b3831f57e9a61ecec33c6a4906a

SHA512
5fe29d314f39dffd65cedd4f517f24d76f742b2ce2acd191602435a5fa39c0e338f6645069d108f53faa00d5665335508cd742495f15715bc5032dc31fe418dc

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
b22b6f9f73fcfcc4154b063e2f8ce134

SHA1
a08bc7be2bbec4e8c68c34f84c792fbe7164192c

SHA256
d5e1c151d5bc39ce8da1869a1816f1b65df7251ef24df064e5e71550e183e1b1

SHA512
62a12507b871c8c4885f5513f363f28ebb35235ca7ec5d4ed11646286f92ed60ad9e2f1c38887a2d3cf4b433e26659a21ed141a391eeeb5978346eafb05c1585

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
f83fab53c9e76d69bbf139a0092d764d

SHA1
8ab382996d2209bbc556bd3a26892332d58ee237

SHA256
76b3abba518c4d2ebade1fc13ae91b710cd5e28eb68e0fb50d812264972b00f2

SHA512
c39e3933a74c0a13c2f0899dd16aeda569871b86d35dedaed71a806dc0ad9157782939efe894cd2702c1ceb3d589a7f09e781991460adf96ee77f9fa7b779e84

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
3e7b1356cf8716562791c213ebcfb0d1

SHA1
199874aa0d12c92d5e8edc49cd29a1f87536fa5e

SHA256
fc29e7a2a23bc9bc370f9fd841b125bc9e4a2bb84deb3e1faac9524c2ff0b048

SHA512
86f604e916dfd2e8d8106f862cbfb2c8d536a04f2988bb81c11c887b90768060bd4f400cb4f35c140baf6dc84cc351ea9b77535d4740b58d4a1809ce1cbe4d17

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
58856216cca2193ca5aec30435809b7c

SHA1
4a1826854c826a5dc055ffc0245b2c7a55c3c005

SHA256
1bc1d98c7fd94143100037b04b694b751c0c143c1777fa4719631094db472766

SHA512
a68cd763db7452eee6453e0edfa7ad98f27eb8efb7094dae285cd7056aa264027a3fc8bbc7c3946645e7b578a6f57579673ffd7912f7012c8f2027793f28b64a

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
b5141bf95639220334c944c289b4e2ee

SHA1
09d8515b002d168168f84e4d23ac432bdbf155f1

SHA256
5eba6853a61284baf9bdd2430ca7c8b3543becb70ed54fdb4008625c20677525

SHA512
705ac3731ae13ac4e1540b9e8e928269adb2cf5776de84a770e97215c72162661ef0ce5ce86a18f50e2caac6df4694593109a32a0cf49538eb17e8228f9cbadc

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
fa43ecaf89df0f13ebb453945ff3049b

SHA1
fd7bc32223f95efae4ec0c88ba9d8277a00d98be

SHA256
43116fce0e51807beb5dae33c95308e80967d13443b3fee0f59fbda0e868ccce

SHA512
747d859b99377d060c8f773318931de6282f105f201826aebaff5a349bfbe2b36bd39298b1944e2c56756b52bbddc51d2f5b7d2f670fa9ccc2ef03cf008c3ed3

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
75361a93e39f40a1c3cf8d6c585380e8

SHA1
b72276b0ec5a74bd7498f192ec1acad685456e6f

SHA256
5fb173b3cfe25bee383d09afc342d6645d124b4317fbf6699ec0964e50246f0a

SHA512
6c7a26bad4a5da75c34d7bdd8bfc2760428201f13b130f00066047ed95de85762a7c96f9e637df5012f13ceedcd86c480fe4c2d8270f205061be320e1cb13674

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
ee67c959a3994116da09913777eefe7b

SHA1
526a8f4f25c0878e609816d922ac7c8e9f1d385e

SHA256
875ed15b8edb59753ab8f161d6c8987d63570302753de5b749c70c85822be6bd

SHA512
5eff7c9edcb28dbf176d8fcf848d232a1cb04f50de9575cc1ad455e97b2ba90fc624c0e4c811698be3688550a9ce8a4572dd15376fe3f31974af1413e509f680

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
ad8787d3d613667eec3655997935a810

SHA1
c24b8f601762656038fb14f43b3a76d7b8c8cb07

SHA256
6ed36685500e0db90fd299eb1277bc41961fddbb3032b08d98c1d52ccaceb9b6

SHA512
4ace0a6e53ea5802d7c58fa4d38b75856518c5e5e55d6e298fbe0b78ecc5a47df3929959aad47e8c78614f468a250a06b9139518dd520d507f9d87098c9c7a8a

Download Submit
C:\ProgramData\Licenses\04E652468A66B03FB.Lic

Filesize
132B

MD5
b4c67009506b811e061948e6855e5565

SHA1
393adb3a848fb2f92aa5a1441238d3c3410cf050

SHA256
775f13240008f8091e386611f7ccfd4f9d814ee54574801ee16a24e3b6dce871

SHA512
3b8e5abb5794a3be856d2eb074a91288ad5f743022a043d35c0911186e9c510da1905ef8d77122bb8e47b1c5752326d1f3e1e6da627421493215a409b0e6ad93

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
37ccd1f8be000751b661766c827eb02d

SHA1
ec846eb13d6e64a93309406dd2191d1f6c0b082e

SHA256
c09c63703f9a33c635a7f3fa0a7313caddee28fd0cc20fd7fa85f40704cd8c0b

SHA512
737f08a9e2fb45c0c697de82f4fbe6f2227707f97ddffed45f400e65a3a62236461fd68fc431805d4b87c954827489014e7c34c626b4b8c2f31d3ba9c61d3213

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
bd0b0676c5b710d877133deb0496f4c6

SHA1
b2f2d8a5ec4a87df56fec1868d584aa486682949

SHA256
1bb6ca3ef8beefc3408830450bf0b84357f7349497d02ed2c13bcf066571499e

SHA512
743e5dd46da104db88b599b243689b14c40a15e3d9a258ea6ce80542053ab9e53517d360464ed82fb5bb4e6e588be6da2ac205a4736fa4e69f1d1ff7012a11f2

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
3fa53a6526d4ad582ceeb8cebf540699

SHA1
e88170aaf3559844b646a486f3958f753c712757

SHA256
5c0890035938f5a9e31386eb68f6a1f71db9e55bb121246ac3e87375de89efaa

SHA512
f8bfcf8ca6c788ee5a3c23746c0826ae909c869c23fb767e38e421299326f87ed4db0fbdd19d11c8aa29f1b9c259538c4a7e8603cdac011802ec5fe36929cb64

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
9c37ffbacab245f6399756e6254fd803

SHA1
0cd74679180a5ade996d2bca8bde8ed1190b4c0f

SHA256
71db648629651b5b796f46a9a38f7374e647c4997c749b96cfdbe1b941527539

SHA512
f2b78cad79492f7e33fc3ab67549aa0771288bdc2fb5b030aff449ada5ba76be5c7b10b502da793da68276eea583a6d5a325b7e8cea6b7b390dfaeac94f8c3f8

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
e4a18f3700fcc75d6aadc686cf42c277

SHA1
bc5accf58627f4a3e153a423a2346158a2b10d94

SHA256
c78826e6203ab0101107d5451257b8c18d9976704025d466f252f77b553c7858

SHA512
e465c6061cd0c72ff8834a77615e9ac6d3f5b3b81c23400bdb3a49666538493139121be75a8e9dc060be2245ea3dd93a89d03babbfe558dfaf9a80bb5e3e78a0

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
882d4fb452dc59d950954e5f1cc74b98

SHA1
5dd1e30795052144fe15f959ec71e4188e7cfce2

SHA256
670bb22d78000ebf3678e3a9b4b5bb10603e88c0b4e4ec3dd96bb04642ea5422

SHA512
9c09d6b5f960e51ea2c33f389ebeb4fe2f2bb26bfed6c371df2b62061d2952b88cade86a9bc5e47d9654e5931544757cd1bb8bdb0b6e28a3486cade8b1f6cf4d

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
5be78c3edd916c5fbdcd4f9171ffb0e6

SHA1
0845a5bc955ca1851dfb6f8cffd08d612a657cc6

SHA256
6a0a34de63d18d0a17ab1448a12d358f40630bc4560640a4c0c39616efcae162

SHA512
a8b73ab7478849cd439faa2b60763d5b3f722ed6befc509e99de382d5f5dd8db564c797606f90447423fab4bf67beed30697968c3535d29da9a1cc55caeee937

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
3b9006695b3ac977ac499bb01d6ead5d

SHA1
faa5ad9c4ae38f9922c761bbc19e16fbf390b2b9

SHA256
f2bfe09573a0c263ea0e25a6b466833a034e398769192a993f4a33e8aaf2b22f

SHA512
62dd92dc30ef918e9679ca4401c3456cc945761837630dbab03477318a12bc41bc7bd7ffc552349609462a7eecb7de07545988ef30d57df9b4cc9a9d0e8559c5

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
7b12ca486d0878c22737a7636a26be65

SHA1
fac0c33f33b6e1b5bbcf0d7f4bc9580018a9b673

SHA256
7b1deb1b6cf874270fa0249e21049995f68eca4af1f8d1fe67a9fe85a12ea967

SHA512
fc8294fabec32341de4d589d35fb8f096c2de289aa4af85328a8505065ff280765e775422e2d61fb44a1dae4fccaf281e289849d30d274719ef7c5bb669cdd98

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
a3ae759bd8d0d97116c7f30cc87922f3

SHA1
949326358a26da641e122dc4eb87d9fd58eb4954

SHA256
2c3b595e44188b3e064ac371656ba722edff467e7362629c48e8c6b760dd6f19

SHA512
0f0ead53d64d9cefa06b024cb12ea9b3667276976595e7ac33e7a6c28c1012e6ae4b2c1ceb3507ca2fbee1a4f248b156d401e29811ad36da49070e96e78e3f25

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
d9621157bde5ba448f08ab8e30fb7acd

SHA1
c1301b0017b66b10de833dd67a275aa16bed142e

SHA256
45013bb8c9263340775d3257ace2e91aa8053fc9fcef86b0b603a3acdd3cf5c3

SHA512
637d0149c3015b55026760295f25f57fec7ac7de075f638b572f4c91d3da0c9b2e9f880fee95184f7a5d05d1b76a6d1d0aa8ca1793352942e7b9613bc7f59556

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
f6f199bede47b76364d8e1db1597683d

SHA1
ec0e698bc23139273fd29d1a83af14b417ae86d0

SHA256
1baa2509dce2d22a6ebde928f757b366906bd231e66de74de0b4e3869067fb17

SHA512
c440ec4810bf84712a2a59b2f75de0add273560133f51a2d85f362a96a26cfd55eaca5b856af3dde602bb25a925ed05caeafb377aafe49ef3e57d071515cf553

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
60c0c952ccca30560ac2ef52afa2e0ab

SHA1
023318812af5be5d96ba7f6554421ef1082eeec6

SHA256
49aa9404a7ed313ca2d0bf0636464bd4be865ebbc3e353e2103357a19624e7bd

SHA512
b9c8170fcc45676105e6ea6972c5697ae279e12d4e826440ad832ca521bdc8fef0b778c206acd2a080ab1edf489cdb0e6dfd2ecf17cfafbd3a036f3b59c35927

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
3220408ea1be45f1fa85fb55dac210d4

SHA1
e1bfcda98f823884d1e64e3ad6a05f30e124a458

SHA256
2d7c19fb518b3c7dd9de04aefe6ee32c0b96d4c76cded39ac64a5caee8a084d6

SHA512
8c72ee42b284b73e0875bfd09f1572a8214e35329530fd0dff84f0bca97893fbd4d6c4add128a813ac72f65e8632a8f86c432952e1ef46bbfbe8be635ffd0af6

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
dd06518dfd7464e5dde208bb24c4f200

SHA1
fd18a30d56a2051e1ac58caa921abd06cceda286

SHA256
0c5eba1d508ff5625e9cb726e82acba3f610d161d75bb4afd3f21c560947c56e

SHA512
3e1640a65197b0c6af83159dba7b914aeddfe63106b34699ba5473bc2b4d6862ee4f9a5175ba1ca0396d5d6b599a2804b09aa79976af3437a57acf8a6ed311c2

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
0588d2cba3b21790929649dbd0a0d765

SHA1
18d678b9a758f4f0957308807a7685639d72bef0

SHA256
8397b2cd01278ce6ceb48eae9b9692f9991be4a78956ee4116fbd346629f82dd

SHA512
c60c1b693d78d38f2fb0f2c272025cc38839662605e93ada9cf01604d8edbb9bcedacc2f57e49bb28da3aca98e65e8ad9bf3e9d78cd3bb0766690994acf4e150

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
b090551d9dae4a8070045721b9a616e6

SHA1
4e09ff80aef5f7dc036fa76dab7ae6fac6c36b75

SHA256
1bd4b5d370205d16c5f7571830d4b51948d23970120c39b7836b28eb0736624c

SHA512
b6bf43cae2c01f8b6178d4c82b3b6227229d16b8403549b279560c5ebb3e3c05c3f6c6641625b0808e2f6577744a38564c45a8f762464c572ce252b5f6700eca

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
3cb0b10eaacd9b270feac1d51ab82fe7

SHA1
72374f30c3f97071c066955dd7c8f02817527042

SHA256
100aaa289c7d9c7548234f4d13bcd28881678eb1ce285680d0a66e6fee0267e9

SHA512
c724ec1aed3a0122835a8f4d8c0e711ec005d6fa542da4111117fac47745fac87600d4a7918260afdace1ac12bbbcd65423de14db7074233fb323b773bb4e72f

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
cf3a7c33c4e2962969cd977efd119486

SHA1
f45ba3e2886c37396c9470ba36aae5f280bbff5b

SHA256
5c178ad517c2d484c8ea5d30cd2cd44e1537969abb5728df511f206986b6d74d

SHA512
1dae91ad4cc47f755ac23b328a19823a00403eef660d64553b7a049cacfb0ed00ff6dc2a02cb97249a2cdf23bd29cbdf607c699cd15abc2d34ed663c320b0239

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
9653a462ec0c903982b4900dcba55323

SHA1
c3fd634aebd4f7382b64842fdc8d74a3f528c6d7

SHA256
cecbf26d8fdccb78f8b35ef5317bdfd0ec6b71ff906a92205812b4d08d325fa6

SHA512
2d9971e1e7cdfd8e6d496576e1c88fa50df3773af465887266bdbeb8de248eaba32af8eeb22bf5912ae6d01f1c493348f5cc7bd1c1f1a886adb3f4f2cf184c75

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
b5152c4b0084984e7f41e1136822b90c

SHA1
6b05d313dd47e87bc8f1164998c71600b22f6439

SHA256
af7d7933fc721c1382c23bed22ac7f9277a9a5ca4fb17f863ae2f7847cfc4e97

SHA512
369e10acce151159d722835ed12a863989fbe3274dbec71b782d16a546ba4a9b157f67c20ba5e83d3ee0a5a0c997d897a55774ddbbdc304a2d40d70bb43a9ac3

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
abb53d15d785c18a87dd2fef47f14dd0

SHA1
95f8c1ef1344451a5238ddb2e2d9a6f90598dc4a

SHA256
e30b2366ac0e01e9e874f49d0964d042b88441a38d3a9b8ece043c587014d6e2

SHA512
d4d8fef5968dc2c53c63fb0b5b926317b743cacf531e29a961403e02e778735bd8bec0762e2ca14f6724248cf72a92268c36f459c8a4c32365f6541e31072399

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
9eb23c49f618712bc541e86b52198c7e

SHA1
e6055ef040e53d0489a81a17ce7cf12f3bb7275a

SHA256
b20ddcb2aca04752d7f85a370e512778c691893cfe37cc021c02d4ef2095f6d1

SHA512
664aaa01f29e089334503cd89804424b40322c0f78709ce07665d5ced2d5b60d7d6ee6ba3aa582382f76e308af2218afb0997256ab50a9ea66daf0cefd04892b

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
65cbd437a44969e426dd3ad2a67d6c1d

SHA1
89e1beeb4b0b92f1f34a184dc633efa918655f38

SHA256
82f38a115bf094e5cc0bbcea23491edab9d0833aac9b3c5be04ef29cb6cc3a5d

SHA512
51063dd75929afba2bceb025ab2450a4c750a618f2bd2b1401e913f5855a467ef6482da75dd78b6365dfe20604532bc6c5d37c853b9a24fce6588182b8548eb7

Download Submit
C:\ProgramData\TEMP:DC58651D

Filesize
132B

MD5
64354d956a5e903d63a5774349c4f520

SHA1
9791b43a8fa90471938dbf710f13322bd1844ab0

SHA256
4c7ac97b9374ec7166d221ccfdff09cc979828e0600b930fd61335a4218ace09

SHA512
6561f98953a71ed9ad121b8c5bd382c7f17ab2f258c99db636011a10ec5e51905a907cef3021b78221f477a6dac7bf2ed47d709cf4e1011385c25ee157069e8a

Download Submit
C:\Users\Admin\AppData\Roaming\OneNoteGem\NoteFavorites\configuration.xml

Filesize
281B

MD5
095d116707c05c1451879cf0e4e64eb5

SHA1
465ff3aa448414ab276adc71e8f1befea039c426

SHA256
4a16fb3e65d55a42b4332f71ca5cdb914ff88b87c0384e50ef850556d2f6ef5b

SHA512
f3935b8e6766f9d5cdb1923b573d8fb52b4116fbbb6de7a00567fc13bc890475fa339c19454e25c87e5edbf084fbd2e2b8634b7bc615c8ab67cdff661569ec6d

Download Submit
memory/604-591-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/604-309-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/884-193-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/884-305-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/884-343-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1244-192-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1244-122-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1284-587-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1424-116-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1424-207-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1424-110-0x00000000025A0000-0x00000000027A1000-memory.dmp

Filesize
2.0MB

Download
memory/1424-196-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1624-570-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1624-447-0x0000000005F50000-0x00000000061FA000-memory.dmp

Filesize
2.7MB

Download
memory/1624-430-0x0000000006570000-0x000000000681A000-memory.dmp

Filesize
2.7MB

Download
memory/1624-307-0x0000000005F50000-0x00000000061FA000-memory.dmp

Filesize
2.7MB

Download
memory/1624-306-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1776-662-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1776-1030-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-74-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-62-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-76-0x0000000002660000-0x0000000002861000-memory.dmp

Filesize
2.0MB

Download
memory/1788-75-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-115-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-60-0x0000000002660000-0x0000000002861000-memory.dmp

Filesize
2.0MB

Download
memory/1788-73-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-56-0x0000000002660000-0x0000000002861000-memory.dmp

Filesize
2.0MB

Download
memory/1788-72-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-71-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/1788-93-0x0000000002660000-0x0000000002861000-memory.dmp

Filesize
2.0MB

Download
memory/2052-87-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-308-0x0000000006190000-0x000000000643A000-memory.dmp

Filesize
2.7MB

Download
memory/2052-86-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-195-0x0000000006090000-0x000000000633A000-memory.dmp

Filesize
2.7MB

Download
memory/2052-54-0x0000000002520000-0x0000000002721000-memory.dmp

Filesize
2.0MB

Download
memory/2052-88-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-90-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-194-0x0000000006190000-0x000000000643A000-memory.dmp

Filesize
2.7MB

Download
memory/2052-421-0x0000000006190000-0x000000000643A000-memory.dmp

Filesize
2.7MB

Download
memory/2052-91-0x0000000002520000-0x0000000002721000-memory.dmp

Filesize
2.0MB

Download
memory/2052-89-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-97-0x0000000002520000-0x0000000002721000-memory.dmp

Filesize
2.0MB

Download
memory/2052-50-0x0000000002520000-0x0000000002721000-memory.dmp

Filesize
2.0MB

Download
memory/2052-123-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-61-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2052-480-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2056-304-0x00000000061B0000-0x000000000645A000-memory.dmp

Filesize
2.7MB

Download
memory/2056-130-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2056-345-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2056-191-0x00000000061B0000-0x000000000645A000-memory.dmp

Filesize
2.7MB

Download
memory/2056-298-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2324-429-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2324-586-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2512-441-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2512-452-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2512-428-0x0000000004CC0000-0x0000000004F6A000-memory.dmp

Filesize
2.7MB

Download
memory/2516-669-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2516-463-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2516-664-0x00000000061B0000-0x000000000645A000-memory.dmp

Filesize
2.7MB

Download
memory/2516-451-0x00000000061B0000-0x000000000645A000-memory.dmp

Filesize
2.7MB

Download
memory/2556-462-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2560-465-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2560-422-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2572-303-0x0000000004DA0000-0x000000000504A000-memory.dmp

Filesize
2.7MB

Download
memory/2572-333-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-37-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-29-0x0000000002570000-0x0000000002771000-memory.dmp

Filesize
2.0MB

Download
memory/2740-94-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-129-0x0000000006150000-0x00000000063FA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-218-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-63-0x0000000006150000-0x00000000063FA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-47-0x0000000002570000-0x0000000002771000-memory.dmp

Filesize
2.0MB

Download
memory/2740-36-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-22-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-38-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-45-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2740-98-0x0000000002500000-0x0000000002501000-memory.dmp

Filesize
4KB

Download
memory/2740-23-0x0000000002570000-0x0000000002771000-memory.dmp

Filesize
2.0MB

Download
memory/2740-39-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-40-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2740-41-0x0000000002570000-0x0000000002771000-memory.dmp

Filesize
2.0MB

Download
memory/2792-453-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2792-574-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-44-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-105-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-55-0x0000000006250000-0x00000000064FA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-0-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-20-0x00000000024F0000-0x00000000026F1000-memory.dmp

Filesize
2.0MB

Download
memory/2884-12-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-13-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-14-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-15-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-19-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2884-16-0x0000000000400000-0x00000000006AA000-memory.dmp

Filesize
2.7MB

Download
memory/2884-17-0x00000000024F0000-0x00000000026F1000-memory.dmp

Filesize
2.0MB

Download
memory/2884-7-0x00000000024F0000-0x00000000026F1000-memory.dmp

Filesize
2.0MB

Download
memory/2884-1-0x00000000024F0000-0x00000000026F1000-memory.dmp

Filesize
2.0MB

Download