9d1a115dd4eac94ef35a3f024a17799303ff674325d98b7ec07a21fee8ebf1e4

Analysis

max time kernel
12s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09-07-2024 09:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

33aed5485757fc6584715b37e8984100N.exe
Size

355KB
MD5

33aed5485757fc6584715b37e8984100
SHA1

27deb707a484c773d244312a35eb7a50189a2f86
SHA256

9d1a115dd4eac94ef35a3f024a17799303ff674325d98b7ec07a21fee8ebf1e4
SHA512

536d9ac01dcecae4b3b5400c338a67a4a914b1518b6c68ad67a51eb3f73ef917832bd561a8cb6e55cc9c0d21367ff014e8ef24264d44595c6a581c081a5aed3a
SSDEEP

6144:dXC4vgmhbIxs3NBRD4LknHqkkVi2hs1+uoBGwNryqUkM3GHeLLR8DwwBrWek:dXCNi9Bt4LER1MZNrbUkMrLLUwwBm

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Control Panel\International\Geo\Nation	33aed5485757fc6584715b37e8984100N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	33aed5485757fc6584715b37e8984100N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\J:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\K:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\N:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\S:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\V:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\W:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\X:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\A:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\E:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\H:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\P:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\T:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\Y:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\G:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\L:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\M:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\O:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\U:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\I:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\Q:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\R:	33aed5485757fc6584715b37e8984100N.exe
File opened (read-only)	\??\Z:	33aed5485757fc6584715b37e8984100N.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\cum xxx hot (!) .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\System32\DriverStore\Temp\american cum girls YEâPSè& (Sarah,Melissa).avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\SysWOW64\FxsTmp\british cum [bangbus] cock femdom (Ashley).mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\african animal bukkake several models high heels .mpg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\norwegian porn [bangbus] .rar.exe	33aed5485757fc6584715b37e8984100N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian animal gang bang hidden blondie (Samantha,Curtney).zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\malaysia animal blowjob hidden nipples traffic .rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay [bangbus] hole circumcision .rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian sperm big ash (Tatjana,Sonja).mpg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian handjob beastiality catfight nipples mistress .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Google\Update\Download\hardcore [bangbus] (Karin,Sylvia).mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\nude licking .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Google\Temp\russian kicking hidden ash bedroom .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\norwegian action gang bang [bangbus] boobs YEâPSè& .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Common Files\microsoft shared\beastiality hidden .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay sperm [milf] hole .avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\porn hidden .avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\italian porn handjob hidden YEâPSè& .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\lingerie uncut high heels (Jade).zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\dotnet\shared\horse sleeping granny .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian gang bang voyeur shower .mpg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\cum lingerie big legs .avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\spanish trambling [bangbus] (Sandy,Samantha).mpeg.exe	33aed5485757fc6584715b37e8984100N.exe

Drops file in Windows directory 24 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\kicking nude [bangbus] blondie .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\malaysia hardcore cumshot sleeping .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\animal girls glans .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish kicking beastiality girls granny (Liz).rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\mssrv.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese bukkake kicking girls cock (Sylvia).rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\CbsTemp\danish beastiality cum masturbation stockings .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian hardcore nude voyeur shower (Karin,Anniston).avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake fucking licking feet (Janette,Sandy).rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian cumshot masturbation nipples sweet .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\security\templates\malaysia nude blowjob catfight hole (Sonja,Christine).mpg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian beast [milf] legs .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse hot (!) nipples wifey .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\indian lesbian catfight glans penetration .rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\temp\russian porn several models leather .rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\tmp\lesbian handjob public (Sarah,Tatjana).rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking hidden upskirt (Liz,Karin).mpg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\british handjob action voyeur hole shower .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\xxx girls traffic .avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\SoftwareDistribution\Download\malaysia handjob gay sleeping castration .zip.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian kicking lesbian penetration (Melissa,Sonja).mpeg.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\Downloaded Program Files\porn bukkake public fishy .rar.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\InputMethod\SHARED\black gang bang beast lesbian hole castration .avi.exe	33aed5485757fc6584715b37e8984100N.exe
File created	C:\Windows\PLA\Templates\norwegian handjob gay voyeur cock .mpeg.exe	33aed5485757fc6584715b37e8984100N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
3616	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3448	33aed5485757fc6584715b37e8984100N.exe
3448	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
5092	33aed5485757fc6584715b37e8984100N.exe
5092	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
3156	33aed5485757fc6584715b37e8984100N.exe
3156	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3284	33aed5485757fc6584715b37e8984100N.exe
3284	33aed5485757fc6584715b37e8984100N.exe
1576	33aed5485757fc6584715b37e8984100N.exe
1576	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
2252	33aed5485757fc6584715b37e8984100N.exe
5092	33aed5485757fc6584715b37e8984100N.exe
5092	33aed5485757fc6584715b37e8984100N.exe
3496	33aed5485757fc6584715b37e8984100N.exe
3496	33aed5485757fc6584715b37e8984100N.exe
3448	33aed5485757fc6584715b37e8984100N.exe
3448	33aed5485757fc6584715b37e8984100N.exe
4604	33aed5485757fc6584715b37e8984100N.exe
4604	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3616	33aed5485757fc6584715b37e8984100N.exe
3892	33aed5485757fc6584715b37e8984100N.exe
3892	33aed5485757fc6584715b37e8984100N.exe
3156	33aed5485757fc6584715b37e8984100N.exe
3156	33aed5485757fc6584715b37e8984100N.exe
4516	33aed5485757fc6584715b37e8984100N.exe
4516	33aed5485757fc6584715b37e8984100N.exe

Suspicious use of WriteProcessMemory 54 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 2252	3616	33aed5485757fc6584715b37e8984100N.exe	92
PID 3616 wrote to memory of 2252	3616	33aed5485757fc6584715b37e8984100N.exe	92
PID 3616 wrote to memory of 2252	3616	33aed5485757fc6584715b37e8984100N.exe	92
PID 3616 wrote to memory of 3448	3616	33aed5485757fc6584715b37e8984100N.exe	94
PID 3616 wrote to memory of 3448	3616	33aed5485757fc6584715b37e8984100N.exe	94
PID 3616 wrote to memory of 3448	3616	33aed5485757fc6584715b37e8984100N.exe	94
PID 2252 wrote to memory of 5092	2252	33aed5485757fc6584715b37e8984100N.exe	95
PID 2252 wrote to memory of 5092	2252	33aed5485757fc6584715b37e8984100N.exe	95
PID 2252 wrote to memory of 5092	2252	33aed5485757fc6584715b37e8984100N.exe	95
PID 3616 wrote to memory of 3156	3616	33aed5485757fc6584715b37e8984100N.exe	96
PID 3616 wrote to memory of 3156	3616	33aed5485757fc6584715b37e8984100N.exe	96
PID 3616 wrote to memory of 3156	3616	33aed5485757fc6584715b37e8984100N.exe	96
PID 2252 wrote to memory of 3284	2252	33aed5485757fc6584715b37e8984100N.exe	97
PID 2252 wrote to memory of 3284	2252	33aed5485757fc6584715b37e8984100N.exe	97
PID 2252 wrote to memory of 3284	2252	33aed5485757fc6584715b37e8984100N.exe	97
PID 5092 wrote to memory of 1576	5092	33aed5485757fc6584715b37e8984100N.exe	98
PID 5092 wrote to memory of 1576	5092	33aed5485757fc6584715b37e8984100N.exe	98
PID 5092 wrote to memory of 1576	5092	33aed5485757fc6584715b37e8984100N.exe	98
PID 3448 wrote to memory of 3496	3448	33aed5485757fc6584715b37e8984100N.exe	99
PID 3448 wrote to memory of 3496	3448	33aed5485757fc6584715b37e8984100N.exe	99
PID 3448 wrote to memory of 3496	3448	33aed5485757fc6584715b37e8984100N.exe	99
PID 3616 wrote to memory of 4604	3616	33aed5485757fc6584715b37e8984100N.exe	100
PID 3616 wrote to memory of 4604	3616	33aed5485757fc6584715b37e8984100N.exe	100
PID 3616 wrote to memory of 4604	3616	33aed5485757fc6584715b37e8984100N.exe	100
PID 3156 wrote to memory of 3892	3156	33aed5485757fc6584715b37e8984100N.exe	101
PID 3156 wrote to memory of 3892	3156	33aed5485757fc6584715b37e8984100N.exe	101
PID 3156 wrote to memory of 3892	3156	33aed5485757fc6584715b37e8984100N.exe	101
PID 5092 wrote to memory of 4516	5092	33aed5485757fc6584715b37e8984100N.exe	102
PID 5092 wrote to memory of 4516	5092	33aed5485757fc6584715b37e8984100N.exe	102
PID 5092 wrote to memory of 4516	5092	33aed5485757fc6584715b37e8984100N.exe	102
PID 2252 wrote to memory of 4104	2252	33aed5485757fc6584715b37e8984100N.exe	103
PID 2252 wrote to memory of 4104	2252	33aed5485757fc6584715b37e8984100N.exe	103
PID 2252 wrote to memory of 4104	2252	33aed5485757fc6584715b37e8984100N.exe	103
PID 3448 wrote to memory of 3360	3448	33aed5485757fc6584715b37e8984100N.exe	104
PID 3448 wrote to memory of 3360	3448	33aed5485757fc6584715b37e8984100N.exe	104
PID 3448 wrote to memory of 3360	3448	33aed5485757fc6584715b37e8984100N.exe	104
PID 3284 wrote to memory of 4740	3284	33aed5485757fc6584715b37e8984100N.exe	105
PID 3284 wrote to memory of 4740	3284	33aed5485757fc6584715b37e8984100N.exe	105
PID 3284 wrote to memory of 4740	3284	33aed5485757fc6584715b37e8984100N.exe	105
PID 1576 wrote to memory of 2656	1576	33aed5485757fc6584715b37e8984100N.exe	106
PID 1576 wrote to memory of 2656	1576	33aed5485757fc6584715b37e8984100N.exe	106
PID 1576 wrote to memory of 2656	1576	33aed5485757fc6584715b37e8984100N.exe	106
PID 3496 wrote to memory of 2592	3496	33aed5485757fc6584715b37e8984100N.exe	107
PID 3496 wrote to memory of 2592	3496	33aed5485757fc6584715b37e8984100N.exe	107
PID 3496 wrote to memory of 2592	3496	33aed5485757fc6584715b37e8984100N.exe	107
PID 3616 wrote to memory of 1792	3616	33aed5485757fc6584715b37e8984100N.exe	108
PID 3616 wrote to memory of 1792	3616	33aed5485757fc6584715b37e8984100N.exe	108
PID 3616 wrote to memory of 1792	3616	33aed5485757fc6584715b37e8984100N.exe	108
PID 4604 wrote to memory of 5032	4604	33aed5485757fc6584715b37e8984100N.exe	109
PID 4604 wrote to memory of 5032	4604	33aed5485757fc6584715b37e8984100N.exe	109
PID 4604 wrote to memory of 5032	4604	33aed5485757fc6584715b37e8984100N.exe	109
PID 3156 wrote to memory of 1784	3156	33aed5485757fc6584715b37e8984100N.exe	110
PID 3156 wrote to memory of 1784	3156	33aed5485757fc6584715b37e8984100N.exe	110
PID 3156 wrote to memory of 1784	3156	33aed5485757fc6584715b37e8984100N.exe	110

C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
"C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2252
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5092
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:2656
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5216
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:6948
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        8⤵
        
        PID:18636
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        8⤵
        
        PID:19772
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:11856
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:10060
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:10204
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:11448
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:12160
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:7304
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:19832
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:6584
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:18628
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:820
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:10044
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:11480
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:19696
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:17116
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14320
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:4376
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7040
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18196
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:1860
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18300
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6008
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:1424
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:6368
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:9760
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:9136
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:4852
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:18468
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9252
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7048
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:4936
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:2392
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4068
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11624
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7364
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8188
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:16340
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:15408
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5492
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8840
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14628
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20912
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11632
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14700
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9164
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4196
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14924
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3284
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5192
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:7192
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:17648
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5372
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11592
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:8660
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:15692
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14676
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18200
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9928
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11528
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9160
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6936
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18492
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:1764
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:19764
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11872
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14812
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:4104
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:2184
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14668
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:20928
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:1584
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:17144
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9132
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11420
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14836
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20984
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7424
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18308
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8148
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:15684
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:3736
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5920
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14712
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7348
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18292
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18324
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11428
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8620
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5484
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6404
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:10456
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:18476
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:1428
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:18316
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11760
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:14908
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3448
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3496
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:2592
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5228
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:6644
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:11640
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:6112
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:4812
        
        C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:14684
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:20944
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7336
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18268
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9204
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4896
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11576
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:3620
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20920
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11472
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:1660
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:17064
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14636
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:3360
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:2616
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:21428
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8216
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:19856
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14892
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11488
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7732
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:17152
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14612
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:20896
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:2812
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9796
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11536
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8320
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18516
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11720
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14868
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:9828
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11552
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5944
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8472
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6920
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:18276
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:18500
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11412
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:14876
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:20904
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3156
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3892
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:1644
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6128
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:11496
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:2420
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:12600
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:19780
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:18284
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5576
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11584
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20960
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6320
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:20596
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:1784
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5592
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14860
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:19688
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9896
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:2060
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14820
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5436
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:19976
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:17136
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6168
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:9196
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:12116
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14884
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:8200
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:19788
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11388
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:1884
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:12596
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5032
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5464
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:14852
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:20968
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5076
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11832
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:4828
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:9156
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5352
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7692
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:18484
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11792
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:14900
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6376
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11544
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:2976
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:12624
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11816
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6532
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:19336
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:1792
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:5360
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:7472
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:19748
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:5652
    - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:6104
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:8696
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:11520
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:3900
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:12604
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:2436
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11688
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:12964
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:15576
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:5340
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
      "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11648
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:14692
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:20936
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:6360
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:10036
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:11512
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:3996
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:12592
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:8244
- - C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
    "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
    3⤵
    PID:15756
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:11704
- C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe
  "C:\Users\Admin\AppData\Local\Temp\33aed5485757fc6584715b37e8984100N.exe"
  2⤵
  PID:14844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4432,i,18341222626402534844,12352985901844242237,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
1⤵
PID:4408

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\gay [bangbus] hole circumcision .rar.exe

Filesize
1.5MB

MD5
a4758c29cb6d7411549b1ed270a5685a

SHA1
deda01049cc78075d6076c4b03b8f52c8ed22f50

SHA256
c779c5848a9718a874278f6a99f6e33ed3279d92e925346f5994a9cfc7b4e29b

SHA512
41d5d5d284daba082278f38a30bfeda3703726bc6dfe3e37797697d38360cc575ecc32b116fcf6bc99e1f4a00020514be1933841fb5dd6ee862d13a4b09b79be

Download Submit