0bc1d9c73b57a2f10ec8b65fce48bf5950c4b1139c2617666d883871caf6b035

Analysis

max time kernel
14s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4190dff86bb04b530fe74b79f53c7e90N.exe
Size

230KB
MD5

4190dff86bb04b530fe74b79f53c7e90
SHA1

364cd87c82e715dc4d8d42c664863f5660d23f81
SHA256

0bc1d9c73b57a2f10ec8b65fce48bf5950c4b1139c2617666d883871caf6b035
SHA512

9d3ae73370dce8f11e1a127a4392818cca6f77f116029b8faaf0d5cf03424fdf8e20940da7a2835ac23682df4991290c073cb4870a93fbf1c420e28057f1f353
SSDEEP

6144:oGHGRpO9p1om9+xs3NBBzUEYSjxYYFPrgVusy33:oGHasii9BNUEVNKVy3

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	4190dff86bb04b530fe74b79f53c7e90N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4190dff86bb04b530fe74b79f53c7e90N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\K:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\P:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\R:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\W:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\Y:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\H:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\L:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\Q:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\V:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\X:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\A:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\G:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\J:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\O:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\S:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\T:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\U:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\Z:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\B:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\I:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\M:	4190dff86bb04b530fe74b79f53c7e90N.exe
File opened (read-only)	\??\N:	4190dff86bb04b530fe74b79f53c7e90N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\american handjob blowjob [bangbus] fishy (Sandy,Liz).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese cumshot horse licking cock redhair (Janette).mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese cumshot hardcore [bangbus] feet .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian lingerie catfight glans latex .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob hot (!) stockings .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese animal lingerie [bangbus] traffic .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese animal trambling [bangbus] .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese porn bukkake [free] tß .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\gay girls feet (Anniston,Janette).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking licking glans mistress .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie girls castration .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\System32\DriverStore\Temp\american kicking gay sleeping .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Temp\danish cum sperm several models pregnant .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Common Files\microsoft shared\american gang bang blowjob several models young .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian porn fucking full movie (Sarah).mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\lesbian catfight glans wifey .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black action blowjob big cock .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lingerie catfight (Melissa).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese animal gay full movie 50+ .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese hardcore several models feet young (Melissa).mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian kicking fucking licking feet .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black cum bukkake lesbian boots .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\dotnet\shared\danish porn trambling sleeping upskirt .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese fetish trambling public cock (Gina,Samantha).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish horse lesbian [free] glans balls (Janette).rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hot (!) feet hairy (Sylvia).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\russian gang bang hardcore licking leather .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx lesbian feet gorgeoushorny (Samantha).avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american gang bang trambling full movie .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\british fucking masturbation shower .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\swedish action bukkake hidden glans .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\african xxx sleeping bondage .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish cum trambling uncut wifey .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\bukkake big (Liz).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\malaysia sperm [milf] cock 40+ .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french trambling sleeping cock black hairunshaved .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\malaysia xxx masturbation .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\action gay masturbation feet mature .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\mssrv.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish cumshot beast sleeping wifey .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\swedish nude lesbian [milf] glans balls .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\african fucking voyeur glans traffic .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\canadian lesbian hidden 50+ .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian beast [free] .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish handjob lesbian [bangbus] feet latex .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\black cumshot blowjob public circumcision (Gina,Melissa).mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french fucking full movie .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\spanish sperm sleeping (Karin).avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\black cumshot lesbian public .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\kicking blowjob girls hole beautyfull .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish nude bukkake big (Karin).mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\norwegian sperm uncut glans black hairunshaved (Tatjana).rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\InputMethod\SHARED\lesbian hot (!) hole leather (Samantha).avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake girls .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish kicking lesbian masturbation redhair .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\cum trambling several models feet swallow .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\kicking xxx hidden (Sylvia).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\malaysia lesbian [free] mistress .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american horse trambling big (Sarah).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\Downloaded Program Files\tyrkish handjob sperm hidden femdom .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\spanish blowjob several models sm .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\african blowjob full movie glans balls .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\asian trambling girls balls .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\chinese fucking uncut girly (Sonja,Curtney).rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\chinese lingerie masturbation glans Ôï (Sylvia).rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\cumshot trambling catfight .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\black kicking horse lesbian (Jade).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\tyrkish kicking blowjob [bangbus] glans black hairunshaved (Sarah).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\PLA\Templates\lingerie masturbation titts sm .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\japanese cum gay catfight titts black hairunshaved (Sylvia).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\canadian sperm uncut Ôï .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia fucking hot (!) feet .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\action horse hot (!) hole balls (Karin).rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\beastiality horse licking .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\japanese animal beast hidden hole pregnant (Samantha).mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\blowjob girls stockings .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian porn bukkake sleeping hole .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\japanese nude lesbian hot (!) glans gorgeoushorny .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\canadian fucking hidden hairy .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\chinese horse hot (!) glans .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\italian horse bukkake licking .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian cum hardcore [milf] beautyfull .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\gay catfight titts fishy (Sylvia).avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\nude fucking sleeping feet .mpeg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\chinese lingerie voyeur ash .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\brasilian animal bukkake hidden hole .mpg.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\kicking lingerie several models gorgeoushorny .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\assembly\temp\hardcore licking high heels (Sonja,Jade).avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\lingerie [bangbus] feet high heels .avi.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\tyrkish porn gay full movie titts (Britney,Samantha).zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\handjob sperm licking cock high heels .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\asian bukkake [free] .rar.exe	4190dff86bb04b530fe74b79f53c7e90N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\asian sperm several models .zip.exe	4190dff86bb04b530fe74b79f53c7e90N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
1872	4190dff86bb04b530fe74b79f53c7e90N.exe
1872	4190dff86bb04b530fe74b79f53c7e90N.exe
4248	4190dff86bb04b530fe74b79f53c7e90N.exe
4248	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
1876	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
1876	4190dff86bb04b530fe74b79f53c7e90N.exe
868	4190dff86bb04b530fe74b79f53c7e90N.exe
868	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
3452	4190dff86bb04b530fe74b79f53c7e90N.exe
3452	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
3016	4190dff86bb04b530fe74b79f53c7e90N.exe
1328	4190dff86bb04b530fe74b79f53c7e90N.exe
1328	4190dff86bb04b530fe74b79f53c7e90N.exe
1604	4190dff86bb04b530fe74b79f53c7e90N.exe
1604	4190dff86bb04b530fe74b79f53c7e90N.exe
2696	4190dff86bb04b530fe74b79f53c7e90N.exe
2696	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3652	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
3964	4190dff86bb04b530fe74b79f53c7e90N.exe
1872	4190dff86bb04b530fe74b79f53c7e90N.exe
1872	4190dff86bb04b530fe74b79f53c7e90N.exe
1256	4190dff86bb04b530fe74b79f53c7e90N.exe
1256	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
4720	4190dff86bb04b530fe74b79f53c7e90N.exe
3092	4190dff86bb04b530fe74b79f53c7e90N.exe
3092	4190dff86bb04b530fe74b79f53c7e90N.exe
4248	4190dff86bb04b530fe74b79f53c7e90N.exe
4248	4190dff86bb04b530fe74b79f53c7e90N.exe
4472	4190dff86bb04b530fe74b79f53c7e90N.exe
4472	4190dff86bb04b530fe74b79f53c7e90N.exe
920	4190dff86bb04b530fe74b79f53c7e90N.exe
920	4190dff86bb04b530fe74b79f53c7e90N.exe
1876	4190dff86bb04b530fe74b79f53c7e90N.exe
1876	4190dff86bb04b530fe74b79f53c7e90N.exe
868	4190dff86bb04b530fe74b79f53c7e90N.exe
868	4190dff86bb04b530fe74b79f53c7e90N.exe
1548	4190dff86bb04b530fe74b79f53c7e90N.exe
1548	4190dff86bb04b530fe74b79f53c7e90N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 3964	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	86
PID 3652 wrote to memory of 3964	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	86
PID 3652 wrote to memory of 3964	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	86
PID 3652 wrote to memory of 3016	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	87
PID 3652 wrote to memory of 3016	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	87
PID 3652 wrote to memory of 3016	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	87
PID 3964 wrote to memory of 4720	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	88
PID 3964 wrote to memory of 4720	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	88
PID 3964 wrote to memory of 4720	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	88
PID 3016 wrote to memory of 1872	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	89
PID 3016 wrote to memory of 1872	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	89
PID 3016 wrote to memory of 1872	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	89
PID 3652 wrote to memory of 4248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	90
PID 3652 wrote to memory of 4248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	90
PID 3652 wrote to memory of 4248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	90
PID 3964 wrote to memory of 1876	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	91
PID 3964 wrote to memory of 1876	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	91
PID 3964 wrote to memory of 1876	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	91
PID 4720 wrote to memory of 868	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	92
PID 4720 wrote to memory of 868	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	92
PID 4720 wrote to memory of 868	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	92
PID 3016 wrote to memory of 3452	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	93
PID 3016 wrote to memory of 3452	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	93
PID 3016 wrote to memory of 3452	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	93
PID 1872 wrote to memory of 1328	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	94
PID 1872 wrote to memory of 1328	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	94
PID 1872 wrote to memory of 1328	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	94
PID 3652 wrote to memory of 2696	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	95
PID 3652 wrote to memory of 2696	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	95
PID 3652 wrote to memory of 2696	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	95
PID 3964 wrote to memory of 1604	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	96
PID 3964 wrote to memory of 1604	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	96
PID 3964 wrote to memory of 1604	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	96
PID 4720 wrote to memory of 1256	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	97
PID 4720 wrote to memory of 1256	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	97
PID 4720 wrote to memory of 1256	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	97
PID 4248 wrote to memory of 3092	4248	4190dff86bb04b530fe74b79f53c7e90N.exe	98
PID 4248 wrote to memory of 3092	4248	4190dff86bb04b530fe74b79f53c7e90N.exe	98
PID 4248 wrote to memory of 3092	4248	4190dff86bb04b530fe74b79f53c7e90N.exe	98
PID 1876 wrote to memory of 4472	1876	4190dff86bb04b530fe74b79f53c7e90N.exe	99
PID 1876 wrote to memory of 4472	1876	4190dff86bb04b530fe74b79f53c7e90N.exe	99
PID 1876 wrote to memory of 4472	1876	4190dff86bb04b530fe74b79f53c7e90N.exe	99
PID 868 wrote to memory of 920	868	4190dff86bb04b530fe74b79f53c7e90N.exe	100
PID 868 wrote to memory of 920	868	4190dff86bb04b530fe74b79f53c7e90N.exe	100
PID 868 wrote to memory of 920	868	4190dff86bb04b530fe74b79f53c7e90N.exe	100
PID 3016 wrote to memory of 1548	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	101
PID 3016 wrote to memory of 1548	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	101
PID 3016 wrote to memory of 1548	3016	4190dff86bb04b530fe74b79f53c7e90N.exe	101
PID 3452 wrote to memory of 840	3452	4190dff86bb04b530fe74b79f53c7e90N.exe	102
PID 3452 wrote to memory of 840	3452	4190dff86bb04b530fe74b79f53c7e90N.exe	102
PID 3452 wrote to memory of 840	3452	4190dff86bb04b530fe74b79f53c7e90N.exe	102
PID 3964 wrote to memory of 2264	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	103
PID 3964 wrote to memory of 2264	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	103
PID 3964 wrote to memory of 2264	3964	4190dff86bb04b530fe74b79f53c7e90N.exe	103
PID 3652 wrote to memory of 1248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	104
PID 3652 wrote to memory of 1248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	104
PID 3652 wrote to memory of 1248	3652	4190dff86bb04b530fe74b79f53c7e90N.exe	104
PID 1872 wrote to memory of 1852	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	105
PID 1872 wrote to memory of 1852	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	105
PID 1872 wrote to memory of 1852	1872	4190dff86bb04b530fe74b79f53c7e90N.exe	105
PID 4720 wrote to memory of 2752	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	106
PID 4720 wrote to memory of 2752	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	106
PID 4720 wrote to memory of 2752	4720	4190dff86bb04b530fe74b79f53c7e90N.exe	106
PID 4248 wrote to memory of 116	4248	4190dff86bb04b530fe74b79f53c7e90N.exe	107

C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
"C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3964
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4720
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:868
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:920
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:5572
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        8⤵
        
        PID:9356
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        8⤵
        
        PID:12808
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        8⤵
        
        PID:15084
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        8⤵
        
        PID:14404
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:12040
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:16660
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:8332
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16644
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:4596
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:5500
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:12672
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:15008
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9392
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12940
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:8100
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:16288
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:11056
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16084
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16304
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1256
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:9340
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9256
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:3252
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:6896
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12664
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12024
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8316
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16620
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:2752
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10988
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16120
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11064
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6128
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11752
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:11624
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:16612
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4472
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:4796
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7500
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:10384
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15520
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:972
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:14992
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:14796
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12172
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8348
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16636
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:212
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9160
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15068
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10148
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14772
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:880
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8168
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11456
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16296
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11556
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:17316
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12956
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15076
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10112
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14636
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:3752
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10876
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15900
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11600
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:16848
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:2264
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:9752
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:13020
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14872
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:14804
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:2204
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7460
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:15528
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12188
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:17116
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:8208
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:12076
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:16668
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3016
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1872
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1328
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:1696
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7160
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:13988
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        7⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:10436
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:11616
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16508
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11608
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5752
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9588
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:13008
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:3808
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11072
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16076
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6112
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8356
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:2648
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:17140
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3452
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:840
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:14976
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14032
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7680
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10524
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15652
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11888
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16976
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:11680
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:16628
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:5744
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7228
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15000
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:10096
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:14716
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15592
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:10612
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:15732
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:6204
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:16652
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:8324
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:12068
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:16684
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3092
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:5564
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:9320
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:9864
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:636
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:10428
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:6196
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:11592
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:8296
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:11688
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:5824
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:15544
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:3592
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7044
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14896
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:13456
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:8484
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:12196
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:17132
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2696
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:2456
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:9540
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:13000
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:1760
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:7028
    - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
        5⤵
        
        PID:14888
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:9404
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12964
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:6296
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:17108
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:8364
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:12340
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:17444
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:1248
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:5524
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:9168
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:12556
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:7060
  - - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
      "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
      4⤵
      PID:14836
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:9848
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:13464
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:2460
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:8160
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:11440
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:16268
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:6092
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:11580
- - C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
    "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
    3⤵
    PID:16496
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:8340
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:12016
- C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe
  "C:\Users\Admin\AppData\Local\Temp\4190dff86bb04b530fe74b79f53c7e90N.exe"
  2⤵
  PID:16836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\horse hot (!) feet hairy (Sylvia).mpg.exe

Filesize
879KB

MD5
09e770ff3f9fd075f87e1f58bb9d28a4

SHA1
8499ae3e63eddf19c50cd94e8dcec9d2c56a208e

SHA256
56db45cf1b31c4d782fa6f768edb50b94909d9d9f9d7f3a1fa2225604c8a541a

SHA512
e57d3357cc690318339bbcbd098f25f2421ffff51b672b09eed88e582417dccbb2b1b3b9f59fdc237f831e447414906db9750ad5b1d7b77c94332e3cd192b9a6

Download Submit