7ddf9e2298251aa22a46feb366d64df7bac35838bb17b4de01d71eb36d6a9702

Analysis

max time kernel
14s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 03:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fd49ece25ae1ba2334094efb7fb1200N.exe
Size

525KB
MD5

3fd49ece25ae1ba2334094efb7fb1200
SHA1

ff061b2fe7f5ec5b049ac55b3a23748cddd87b93
SHA256

7ddf9e2298251aa22a46feb366d64df7bac35838bb17b4de01d71eb36d6a9702
SHA512

4d613e693452db8aec6c56bf420b60daa2c248c18f3aaa728ac5a80aa7c7a6070e476acf5df5b40b84fe53072db7eb2648fbfe26ce1f08fbb1d5b6bdc0dcc98b
SSDEEP

12288:OWji9BzxIkGq+5PhWr1Fs6b4/C5khx3p9AlQ7VJ4ra4b3+TiK4:CzDeZhQ1av/A64rnb3gW

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	3fd49ece25ae1ba2334094efb7fb1200N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3fd49ece25ae1ba2334094efb7fb1200N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\J:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\Q:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\R:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\T:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\X:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\Y:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\G:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\N:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\S:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\U:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\E:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\H:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\L:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\M:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\W:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\A:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\K:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\O:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\P:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\V:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\Z:	3fd49ece25ae1ba2334094efb7fb1200N.exe
File opened (read-only)	\??\B:	3fd49ece25ae1ba2334094efb7fb1200N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish bukkake nude catfight girly (Curtney).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish trambling cum big feet 40+ (Christine,Tatjana).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\french cumshot [free] feet ash (Britney).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian horse licking circumcision .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\tyrkish lesbian sleeping wifey .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\animal [milf] (Britney).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\System32\DriverStore\Temp\french beastiality several models vagina fishy .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gang bang sleeping beautyfull .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lingerie xxx hidden swallow (Sarah).rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\french handjob animal several models wifey .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian fucking nude masturbation .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\african blowjob [milf] black hairunshaved .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\indian beast cum several models high heels .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\canadian kicking action hidden mature .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Common Files\microsoft shared\french horse cum masturbation ash 50+ (Anniston,Sarah).avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french lesbian hot (!) femdom (Liz,Tatjana).rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian horse hardcore lesbian penetration (Janette,Kathrin).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\swedish xxx lingerie masturbation latex .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Google\Temp\beast hidden fishy (Samantha).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\dotnet\shared\asian animal trambling public .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\kicking kicking several models penetration .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\porn trambling full movie legs (Jade,Melissa).rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish handjob blowjob uncut .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse licking .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black trambling catfight latex (Sandy).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\cum nude [milf] titts boots .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\kicking trambling [free] granny .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob trambling catfight upskirt .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\japanese horse [milf] .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\japanese fucking girls (Sonja).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia beast lingerie masturbation .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action voyeur .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\swedish porn uncut granny .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\action bukkake catfight vagina .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\canadian cumshot full movie (Sonja,Karin).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese kicking [milf] cock .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\xxx gang bang girls nipples balls .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\handjob handjob licking sm .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\hardcore hot (!) cock hairy .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\french animal xxx hidden upskirt .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\lesbian kicking [milf] boobs bondage .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\kicking licking upskirt .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\chinese blowjob nude licking girly .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\kicking full movie hotel .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\nude licking legs hairy (Britney).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\german lesbian lesbian [bangbus] .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian gang bang action public balls .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\american blowjob blowjob several models legs .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\asian fucking catfight .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\blowjob licking boobs hotel (Samantha).rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\brasilian xxx [free] .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cumshot licking .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\british xxx lesbian uncut boobs 50+ (Sylvia,Samantha).avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\norwegian animal public .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\brasilian porn [bangbus] gorgeoushorny (Kathrin).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\Downloaded Program Files\porn xxx several models .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\PLA\Templates\danish beast nude [bangbus] ash .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fetish uncut .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\indian cum animal [milf] wifey .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\malaysia animal xxx hidden .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\black hardcore several models wifey .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\british handjob horse catfight ash .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\brasilian bukkake sleeping boots (Christine).avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\CbsTemp\malaysia fucking several models (Kathrin).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\InputMethod\SHARED\action lesbian [bangbus] .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\brasilian horse catfight circumcision .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\indian handjob [milf] titts leather (Jenna).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\canadian beast blowjob public (Tatjana).avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\american lingerie cum masturbation ejaculation (Melissa,Curtney).mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\assembly\tmp\british gay lesbian .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish kicking lingerie full movie hole castration .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german bukkake girls (Tatjana,Samantha).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\swedish kicking cumshot big (Anniston,Anniston).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\blowjob horse several models fishy .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\french cum lingerie masturbation black hairunshaved .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\gang bang lesbian voyeur vagina YEâPSè& .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\japanese animal uncut mature .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\swedish horse [free] glans ejaculation .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\mssrv.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\american fetish several models cock hairy .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\black fucking girls glans .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\handjob action hidden fishy (Sandy).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\fetish several models mistress (Tatjana,Ashley).rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\black bukkake hardcore big .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SoftwareDistribution\Download\asian beast voyeur .avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\beast hardcore [free] .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\nude cum licking feet (Karin).zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse kicking full movie .zip.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\porn voyeur legs 40+ (Samantha,Janette).mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\russian gang bang hardcore licking latex .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\cum action [bangbus] YEâPSè& .mpg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\trambling cum voyeur .mpeg.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\russian action girls blondie (Jenna).avi.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gang bang lesbian circumcision .rar.exe	3fd49ece25ae1ba2334094efb7fb1200N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
4352	3fd49ece25ae1ba2334094efb7fb1200N.exe
4352	3fd49ece25ae1ba2334094efb7fb1200N.exe
2720	3fd49ece25ae1ba2334094efb7fb1200N.exe
2720	3fd49ece25ae1ba2334094efb7fb1200N.exe
772	3fd49ece25ae1ba2334094efb7fb1200N.exe
772	3fd49ece25ae1ba2334094efb7fb1200N.exe
4948	3fd49ece25ae1ba2334094efb7fb1200N.exe
4948	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
4616	3fd49ece25ae1ba2334094efb7fb1200N.exe
4616	3fd49ece25ae1ba2334094efb7fb1200N.exe
3656	3fd49ece25ae1ba2334094efb7fb1200N.exe
3656	3fd49ece25ae1ba2334094efb7fb1200N.exe
4352	3fd49ece25ae1ba2334094efb7fb1200N.exe
4352	3fd49ece25ae1ba2334094efb7fb1200N.exe
4504	3fd49ece25ae1ba2334094efb7fb1200N.exe
4504	3fd49ece25ae1ba2334094efb7fb1200N.exe
1008	3fd49ece25ae1ba2334094efb7fb1200N.exe
1008	3fd49ece25ae1ba2334094efb7fb1200N.exe
3888	3fd49ece25ae1ba2334094efb7fb1200N.exe
3888	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
5060	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2988	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
2512	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
3412	3fd49ece25ae1ba2334094efb7fb1200N.exe
4880	3fd49ece25ae1ba2334094efb7fb1200N.exe
4880	3fd49ece25ae1ba2334094efb7fb1200N.exe
1096	3fd49ece25ae1ba2334094efb7fb1200N.exe
1096	3fd49ece25ae1ba2334094efb7fb1200N.exe
2720	3fd49ece25ae1ba2334094efb7fb1200N.exe
2720	3fd49ece25ae1ba2334094efb7fb1200N.exe
1228	3fd49ece25ae1ba2334094efb7fb1200N.exe
1228	3fd49ece25ae1ba2334094efb7fb1200N.exe
772	3fd49ece25ae1ba2334094efb7fb1200N.exe
772	3fd49ece25ae1ba2334094efb7fb1200N.exe
4948	3fd49ece25ae1ba2334094efb7fb1200N.exe
4948	3fd49ece25ae1ba2334094efb7fb1200N.exe
1728	3fd49ece25ae1ba2334094efb7fb1200N.exe
1728	3fd49ece25ae1ba2334094efb7fb1200N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2988	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	86
PID 2512 wrote to memory of 2988	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	86
PID 2512 wrote to memory of 2988	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	86
PID 2988 wrote to memory of 5060	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	87
PID 2988 wrote to memory of 5060	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	87
PID 2988 wrote to memory of 5060	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	87
PID 2512 wrote to memory of 3412	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	88
PID 2512 wrote to memory of 3412	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	88
PID 2512 wrote to memory of 3412	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	88
PID 5060 wrote to memory of 4352	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	89
PID 5060 wrote to memory of 4352	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	89
PID 5060 wrote to memory of 4352	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	89
PID 2988 wrote to memory of 2720	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	90
PID 2988 wrote to memory of 2720	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	90
PID 2988 wrote to memory of 2720	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	90
PID 2512 wrote to memory of 772	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	91
PID 2512 wrote to memory of 772	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	91
PID 2512 wrote to memory of 772	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	91
PID 3412 wrote to memory of 4948	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	92
PID 3412 wrote to memory of 4948	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	92
PID 3412 wrote to memory of 4948	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	92
PID 4352 wrote to memory of 4616	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	93
PID 4352 wrote to memory of 4616	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	93
PID 4352 wrote to memory of 4616	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	93
PID 5060 wrote to memory of 3656	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	94
PID 5060 wrote to memory of 3656	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	94
PID 5060 wrote to memory of 3656	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	94
PID 2988 wrote to memory of 1008	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	95
PID 2988 wrote to memory of 1008	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	95
PID 2988 wrote to memory of 1008	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	95
PID 3412 wrote to memory of 4504	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	96
PID 3412 wrote to memory of 4504	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	96
PID 3412 wrote to memory of 4504	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	96
PID 2512 wrote to memory of 3888	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	97
PID 2512 wrote to memory of 3888	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	97
PID 2512 wrote to memory of 3888	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	97
PID 2720 wrote to memory of 4880	2720	3fd49ece25ae1ba2334094efb7fb1200N.exe	98
PID 2720 wrote to memory of 4880	2720	3fd49ece25ae1ba2334094efb7fb1200N.exe	98
PID 2720 wrote to memory of 4880	2720	3fd49ece25ae1ba2334094efb7fb1200N.exe	98
PID 772 wrote to memory of 1096	772	3fd49ece25ae1ba2334094efb7fb1200N.exe	99
PID 772 wrote to memory of 1096	772	3fd49ece25ae1ba2334094efb7fb1200N.exe	99
PID 772 wrote to memory of 1096	772	3fd49ece25ae1ba2334094efb7fb1200N.exe	99
PID 4948 wrote to memory of 1228	4948	3fd49ece25ae1ba2334094efb7fb1200N.exe	100
PID 4948 wrote to memory of 1228	4948	3fd49ece25ae1ba2334094efb7fb1200N.exe	100
PID 4948 wrote to memory of 1228	4948	3fd49ece25ae1ba2334094efb7fb1200N.exe	100
PID 4352 wrote to memory of 1728	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	101
PID 4352 wrote to memory of 1728	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	101
PID 4352 wrote to memory of 1728	4352	3fd49ece25ae1ba2334094efb7fb1200N.exe	101
PID 5060 wrote to memory of 4508	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	102
PID 5060 wrote to memory of 4508	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	102
PID 5060 wrote to memory of 4508	5060	3fd49ece25ae1ba2334094efb7fb1200N.exe	102
PID 2988 wrote to memory of 4932	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	103
PID 2988 wrote to memory of 4932	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	103
PID 2988 wrote to memory of 4932	2988	3fd49ece25ae1ba2334094efb7fb1200N.exe	103
PID 2512 wrote to memory of 2656	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	104
PID 2512 wrote to memory of 2656	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	104
PID 2512 wrote to memory of 2656	2512	3fd49ece25ae1ba2334094efb7fb1200N.exe	104
PID 3412 wrote to memory of 2216	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	105
PID 3412 wrote to memory of 2216	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	105
PID 3412 wrote to memory of 2216	3412	3fd49ece25ae1ba2334094efb7fb1200N.exe	105
PID 4616 wrote to memory of 4544	4616	3fd49ece25ae1ba2334094efb7fb1200N.exe	106
PID 4616 wrote to memory of 4544	4616	3fd49ece25ae1ba2334094efb7fb1200N.exe	106
PID 4616 wrote to memory of 4544	4616	3fd49ece25ae1ba2334094efb7fb1200N.exe	106
PID 772 wrote to memory of 4024	772	3fd49ece25ae1ba2334094efb7fb1200N.exe	107

C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
"C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:4616
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:4544
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:5128
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        9⤵
        
        PID:14884
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        9⤵
        
        PID:20604
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        9⤵
        
        PID:19900
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:14284
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:20168
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:20216
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:8504
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:20120
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:12176
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:13904
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19244
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:6808
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:14352
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:20280
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:9192
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:12652
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:12748
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:13808
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18892
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:5544
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:18800
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14040
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19740
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7460
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14824
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20588
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10140
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18776
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20472
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:1728
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:5144
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:19892
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:18408
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20792
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14376
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20208
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:8616
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12260
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18916
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:960
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7268
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14204
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20376
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10064
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18344
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14276
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13752
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18816
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14784
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20532
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14008
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19716
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:5504
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:9500
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        8⤵
        
        PID:20128
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14844
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20596
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18360
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14244
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20456
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:3176
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:6416
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:12568
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19392
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18760
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13880
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19408
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10072
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19636
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20524
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7444
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14832
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13532
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10348
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14064
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:4508
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5172
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7496
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14816
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20556
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10504
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19252
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14032
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19724
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6352
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13720
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20248
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19916
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:3328
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:2444
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14876
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13500
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10496
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18792
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19732
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13920
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19852
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14212
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20408
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18720
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18640
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2720
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4880
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:9236
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:18416
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14424
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20240
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19400
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:8440
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18860
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13944
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19796
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5300
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14752
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20516
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19424
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20328
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6492
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20304
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12544
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18952
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:376
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20724
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7300
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14928
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10312
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20564
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9672
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19628
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:836
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20384
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14920
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10328
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14128
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20160
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1008
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20224
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18544
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18900
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5892
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:15504
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20952
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19820
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:8060
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13264
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18980
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13968
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5136
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14732
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18336
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14228
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20448
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13832
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18832
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:8520
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20096
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14172
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20500
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:2356
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:6980
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19764
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:1980
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20312
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:5608
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18876
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20440
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14768
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20580
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:10840
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19600
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:14000
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:19876
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1228
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7236
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14868
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20612
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20152
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20492
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6048
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13936
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19828
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:8252
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14944
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20620
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18424
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13960
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19684
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:7164
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:20368
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:10028
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19676
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14316
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20192
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20288
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20076
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20320
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:4432
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6956
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19700
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19924
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13604
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20136
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14392
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20296
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7436
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14936
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20976
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19932
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14120
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19692
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:5464
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        7⤵
        
        PID:19268
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20256
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14860
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:12848
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20432
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19620
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20184
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14800
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18744
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14016
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19860
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:2216
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7156
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19868
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18376
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14912
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20144
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:12404
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13856
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20392
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:9884
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19612
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20484
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:5716
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19260
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14024
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19812
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:7504
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14808
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20676
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18704
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:13984
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:20344
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:772
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1096
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:1976
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20352
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9116
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18908
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13760
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18868
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18752
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13976
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19804
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:4024
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:5200
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19844
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:9684
      - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        6⤵
        
        PID:19192
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20424
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18728
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:12436
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13848
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18884
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:2732
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20336
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19884
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:12168
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13912
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19780
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:5560
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:9876
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20068
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14292
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20176
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:7352
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14852
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20572
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18384
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:14220
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:20464
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3888
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:1988
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7324
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14720
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:20360
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19772
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:6252
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13824
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18960
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:8512
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19908
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:13928
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:19788
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:2656
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:7468
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:13568
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14904
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20784
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:6520
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:14360
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20272
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:9112
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:19380
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:12728
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:13792
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:19652
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:2404
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:13688
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:20200
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:8660
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18784
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:12240
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:13896
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:18932
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:5684
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:9700
  - - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
      "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
      4⤵
      PID:18400
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:12272
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:20416
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:7520
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:14792
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:20548
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:10816
- - C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
    "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
    3⤵
    PID:18768
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:13992
- C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe
  "C:\Users\Admin\AppData\Local\Temp\3fd49ece25ae1ba2334094efb7fb1200N.exe"
  2⤵
  PID:19708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\french lesbian hot (!) femdom (Liz,Tatjana).rar.exe

Filesize
1.2MB

MD5
cc141937f5141a4eb879397d17c7bcdc

SHA1
4f0a95b44e6441d0a8a99a9ad41859beb6faca7b

SHA256
9483d68e5ff638f2f7eaea73ff7569d355cf60a4bc52466ef473106dc5ae27a6

SHA512
8675e280f13012b4d5c40e31b535b6e1d24881bdf473ab415e1e76f2375eb51dbcaf3fba5bae4cded3261c613c6d0bec7ee2b5b9341f7323d6f618d82c373142

Download Submit