ebf2a65417b43ed6faa271b571e68f7b2b8f8ca8fb4291e73d95d76c6f0f2dfa

Analysis

max time kernel
11s
max time network
7s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 00:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d1a51a7115a786c983aa8bb83071960N.exe
Size

1.2MB
MD5

4d1a51a7115a786c983aa8bb83071960
SHA1

6bf6ad7901b95ed5d252f07cd1693264da2a4260
SHA256

ebf2a65417b43ed6faa271b571e68f7b2b8f8ca8fb4291e73d95d76c6f0f2dfa
SHA512

4f99332d34d1268cf233846df049e058188e72ae7819653c533eab9c7829d2a69ba228586ddb630bee6efe5a97bc67ad0418788e4360b01a05152dde69ecf559
SSDEEP

24576:oWIHiem3rMw4f43HEbi0fzv4KiYPQ8tc9Aw0/um0MnpIeUJWHocn:VICem3ww4g3EbiWwKFPJSQGm0mE5cn

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	4d1a51a7115a786c983aa8bb83071960N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4d1a51a7115a786c983aa8bb83071960N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\G:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\O:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\P:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\R:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\T:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\U:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\V:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\X:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\L:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Y:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\A:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\I:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\J:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\K:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\N:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Q:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\W:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\E:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\H:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\M:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\S:	4d1a51a7115a786c983aa8bb83071960N.exe
File opened (read-only)	\??\Z:	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british action catfight titts beautyfull .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\System32\DriverStore\Temp\indian cumshot kicking girls bondage (Sarah).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish bukkake nude full movie feet .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality action sleeping 50+ .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish lesbian hidden glans balls .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\action sleeping .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fetish bukkake [milf] cock .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish beastiality cum big feet bedroom .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian lesbian fetish lesbian ash (Sandy).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\chinese beastiality animal voyeur (Ashley,Kathrin).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\cumshot big .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black porn bukkake uncut .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\canadian nude gang bang licking fishy .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\kicking xxx lesbian (Kathrin).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\cum sperm voyeur glans bedroom .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian hardcore hot (!) hole 50+ .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\canadian lesbian blowjob voyeur fishy .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn sperm catfight upskirt .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\dotnet\shared\beastiality uncut Ôï (Karin).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian hardcore masturbation .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Google\Update\Download\nude kicking full movie legs (Liz,Britney).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\malaysia fucking masturbation black hairunshaved (Ashley,Sarah).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\brasilian horse horse several models (Christine,Curtney).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\porn hidden cock granny .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\french porn public glans wifey .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\norwegian beastiality kicking masturbation hole .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian gay licking cock hotel .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob fucking sleeping vagina high heels .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian kicking sperm masturbation feet stockings (Britney,Sonja).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse animal [free] cock .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\trambling fetish sleeping ash .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\kicking hot (!) ¼ë (Sandy,Sarah).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\russian bukkake cumshot several models nipples stockings .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british gay handjob several models .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\handjob beast hot (!) ejaculation .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\beast animal big circumcision (Christine).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\lingerie big titts blondie .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\indian beastiality [bangbus] hole .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french lingerie trambling big .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\trambling hidden mistress .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\kicking sperm sleeping mistress (Britney,Karin).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\temp\african cumshot animal masturbation nipples .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish porn big .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\tmp\norwegian xxx fetish [bangbus] wifey .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\italian bukkake sperm catfight (Sandy,Sandy).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\indian gang bang horse full movie shower (Kathrin,Jenna).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish bukkake sleeping girly (Curtney).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore porn sleeping granny (Gina).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\british cum big pregnant (Sylvia).mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\black action masturbation boobs young (Christine,Gina).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\mssrv.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\indian fucking big .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\hardcore gang bang [milf] hole penetration .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse sleeping ejaculation .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\InputMethod\SHARED\horse hardcore several models pregnant .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SoftwareDistribution\Download\swedish hardcore masturbation ash .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\handjob [milf] .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\indian sperm licking titts .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\lingerie nude several models balls .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\PLA\Templates\beastiality girls bedroom .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\security\templates\fucking horse [free] ejaculation (Sarah).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\animal hidden blondie (Janette,Sylvia).zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\french gay hardcore [bangbus] bedroom .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\african cumshot hardcore licking ash .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german fucking several models vagina pregnant (Jade).rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish porn handjob catfight leather .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\kicking beast masturbation granny .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\action licking nipples .rar.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\norwegian beastiality horse catfight vagina (Christine,Karin).avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african trambling gang bang girls shoes .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian trambling sperm hot (!) .avi.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\CbsTemp\japanese action full movie .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\handjob hidden hole .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\norwegian beastiality [free] hole .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\indian lesbian [free] .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\asian kicking voyeur pregnant .mpg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\malaysia cumshot hidden fishy (Tatjana,Tatjana).mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\Downloaded Program Files\asian nude horse full movie boots .zip.exe	4d1a51a7115a786c983aa8bb83071960N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish animal action licking cock .mpeg.exe	4d1a51a7115a786c983aa8bb83071960N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
368	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
4500	4d1a51a7115a786c983aa8bb83071960N.exe
4500	4d1a51a7115a786c983aa8bb83071960N.exe
4080	4d1a51a7115a786c983aa8bb83071960N.exe
4080	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
1920	4d1a51a7115a786c983aa8bb83071960N.exe
1920	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
4064	4d1a51a7115a786c983aa8bb83071960N.exe
4064	4d1a51a7115a786c983aa8bb83071960N.exe
2372	4d1a51a7115a786c983aa8bb83071960N.exe
2372	4d1a51a7115a786c983aa8bb83071960N.exe
4500	4d1a51a7115a786c983aa8bb83071960N.exe
4500	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
368	4d1a51a7115a786c983aa8bb83071960N.exe
3956	4d1a51a7115a786c983aa8bb83071960N.exe
3956	4d1a51a7115a786c983aa8bb83071960N.exe
4080	4d1a51a7115a786c983aa8bb83071960N.exe
4080	4d1a51a7115a786c983aa8bb83071960N.exe
448	4d1a51a7115a786c983aa8bb83071960N.exe
448	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe
2308	4d1a51a7115a786c983aa8bb83071960N.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 2308	368	4d1a51a7115a786c983aa8bb83071960N.exe	86
PID 368 wrote to memory of 2308	368	4d1a51a7115a786c983aa8bb83071960N.exe	86
PID 368 wrote to memory of 2308	368	4d1a51a7115a786c983aa8bb83071960N.exe	86
PID 2308 wrote to memory of 4500	2308	4d1a51a7115a786c983aa8bb83071960N.exe	87
PID 2308 wrote to memory of 4500	2308	4d1a51a7115a786c983aa8bb83071960N.exe	87
PID 2308 wrote to memory of 4500	2308	4d1a51a7115a786c983aa8bb83071960N.exe	87
PID 368 wrote to memory of 4080	368	4d1a51a7115a786c983aa8bb83071960N.exe	88
PID 368 wrote to memory of 4080	368	4d1a51a7115a786c983aa8bb83071960N.exe	88
PID 368 wrote to memory of 4080	368	4d1a51a7115a786c983aa8bb83071960N.exe	88
PID 2308 wrote to memory of 1920	2308	4d1a51a7115a786c983aa8bb83071960N.exe	89
PID 2308 wrote to memory of 1920	2308	4d1a51a7115a786c983aa8bb83071960N.exe	89
PID 2308 wrote to memory of 1920	2308	4d1a51a7115a786c983aa8bb83071960N.exe	89
PID 4500 wrote to memory of 4064	4500	4d1a51a7115a786c983aa8bb83071960N.exe	90
PID 4500 wrote to memory of 4064	4500	4d1a51a7115a786c983aa8bb83071960N.exe	90
PID 4500 wrote to memory of 4064	4500	4d1a51a7115a786c983aa8bb83071960N.exe	90
PID 368 wrote to memory of 2372	368	4d1a51a7115a786c983aa8bb83071960N.exe	91
PID 368 wrote to memory of 2372	368	4d1a51a7115a786c983aa8bb83071960N.exe	91
PID 368 wrote to memory of 2372	368	4d1a51a7115a786c983aa8bb83071960N.exe	91
PID 4080 wrote to memory of 3956	4080	4d1a51a7115a786c983aa8bb83071960N.exe	92
PID 4080 wrote to memory of 3956	4080	4d1a51a7115a786c983aa8bb83071960N.exe	92
PID 4080 wrote to memory of 3956	4080	4d1a51a7115a786c983aa8bb83071960N.exe	92
PID 2308 wrote to memory of 448	2308	4d1a51a7115a786c983aa8bb83071960N.exe	93
PID 2308 wrote to memory of 448	2308	4d1a51a7115a786c983aa8bb83071960N.exe	93
PID 2308 wrote to memory of 448	2308	4d1a51a7115a786c983aa8bb83071960N.exe	93
PID 1920 wrote to memory of 2600	1920	4d1a51a7115a786c983aa8bb83071960N.exe	94
PID 1920 wrote to memory of 2600	1920	4d1a51a7115a786c983aa8bb83071960N.exe	94
PID 1920 wrote to memory of 2600	1920	4d1a51a7115a786c983aa8bb83071960N.exe	94
PID 4500 wrote to memory of 1364	4500	4d1a51a7115a786c983aa8bb83071960N.exe	95
PID 4500 wrote to memory of 1364	4500	4d1a51a7115a786c983aa8bb83071960N.exe	95
PID 4500 wrote to memory of 1364	4500	4d1a51a7115a786c983aa8bb83071960N.exe	95
PID 368 wrote to memory of 1112	368	4d1a51a7115a786c983aa8bb83071960N.exe	96
PID 368 wrote to memory of 1112	368	4d1a51a7115a786c983aa8bb83071960N.exe	96
PID 368 wrote to memory of 1112	368	4d1a51a7115a786c983aa8bb83071960N.exe	96
PID 4064 wrote to memory of 1420	4064	4d1a51a7115a786c983aa8bb83071960N.exe	97
PID 4064 wrote to memory of 1420	4064	4d1a51a7115a786c983aa8bb83071960N.exe	97
PID 4064 wrote to memory of 1420	4064	4d1a51a7115a786c983aa8bb83071960N.exe	97
PID 4080 wrote to memory of 4536	4080	4d1a51a7115a786c983aa8bb83071960N.exe	98
PID 4080 wrote to memory of 4536	4080	4d1a51a7115a786c983aa8bb83071960N.exe	98
PID 4080 wrote to memory of 4536	4080	4d1a51a7115a786c983aa8bb83071960N.exe	98
PID 2372 wrote to memory of 3588	2372	4d1a51a7115a786c983aa8bb83071960N.exe	99
PID 2372 wrote to memory of 3588	2372	4d1a51a7115a786c983aa8bb83071960N.exe	99
PID 2372 wrote to memory of 3588	2372	4d1a51a7115a786c983aa8bb83071960N.exe	99
PID 3956 wrote to memory of 3760	3956	4d1a51a7115a786c983aa8bb83071960N.exe	100
PID 3956 wrote to memory of 3760	3956	4d1a51a7115a786c983aa8bb83071960N.exe	100
PID 3956 wrote to memory of 3760	3956	4d1a51a7115a786c983aa8bb83071960N.exe	100
PID 2308 wrote to memory of 2340	2308	4d1a51a7115a786c983aa8bb83071960N.exe	101
PID 2308 wrote to memory of 2340	2308	4d1a51a7115a786c983aa8bb83071960N.exe	101
PID 2308 wrote to memory of 2340	2308	4d1a51a7115a786c983aa8bb83071960N.exe	101

C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
"C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:368
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2308
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4064
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3808
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:6064
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:11288
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:16040
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8064
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:3740
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11372
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16196
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5668
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:19912
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16888
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7208
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13980
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18644
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4872
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        8⤵
        
        PID:18876
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:16772
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6800
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9676
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19552
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7476
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15308
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10156
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6612
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13056
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18944
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8884
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11748
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:3148
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:12844
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18096
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:19860
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11236
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20164
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16896
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14308
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19836
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9584
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19044
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5328
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8024
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18064
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6888
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14720
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19536
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:12232
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6536
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:13268
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20148
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16764
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18224
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19888
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11400
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1920
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2600
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5984
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:11032
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15488
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:15024
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:10664
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8132
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18072
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11380
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16232
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6928
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9232
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17496
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2796
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5164
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8072
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18112
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11364
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16280
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6500
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18684
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17452
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:20304
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7708
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16992
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5488
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17744
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8304
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19228
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10028
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15848
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:1348
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:7152
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:19576
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:12224
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6220
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11972
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8360
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2860
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:3608
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6012
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:10308
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11312
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16244
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7992
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18320
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11192
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15632
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3372
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6428
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8764
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19904
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5952
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10776
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15496
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4948
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18440
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8792
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19896
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16724
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:5932
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15480
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7816
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15088
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:10456
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:14888
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4080
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3956
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3760
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:2572
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:6056
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:12872
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:18412
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8352
        
        C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        7⤵
        
        PID:20196
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:1436
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:9248
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7176
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:14712
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19544
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9600
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18172
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17256
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:15724
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:13888
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3132
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8040
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18392
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11212
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15828
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6480
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:1212
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16700
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:4536
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:1584
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:11872
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:17736
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:4416
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11408
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16288
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5440
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8016
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15664
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7008
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9592
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5608
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8080
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18328
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:1576
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14300
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19828
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9616
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:18692
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:808
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7084
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19676
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9576
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13596
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:18924
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13292
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:3964
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:8992
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20316
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:11724
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:16880
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:3588
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:2436
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5944
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:18340
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19508
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5380
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        6⤵
        
        PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11416
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16272
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6960
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:14348
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:19920
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:12184
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:17400
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:1808
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:9552
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:18104
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7340
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9636
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:19428
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:9648
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:19332
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:13276
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:18448
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:20156
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:12464
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:17484
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:1112
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2820
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:6016
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:7932
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11144
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15648
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:8756
    - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
        5⤵
        
        PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:11700
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:16716
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:6968
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14728
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5292
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:9508
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:12240
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:17468
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:1532
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:10148
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14912
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:15080
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:9660
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:14080
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:19700
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:4000
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7076
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:14756
  - - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
      "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
      4⤵
      PID:5416
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:7704
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:11256
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:17476
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:6472
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:13588
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:18932
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:8660
- - C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
    "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
    3⤵
    PID:2440
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:11680
- C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe
  "C:\Users\Admin\AppData\Local\Temp\4d1a51a7115a786c983aa8bb83071960N.exe"
  2⤵
  PID:16492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian kicking sperm masturbation feet stockings (Britney,Sonja).mpeg.exe

Filesize
1.3MB

MD5
bd3689848052d2e907ddeb1db3079ac8

SHA1
efde77f1cb34fdead750f6440611c31e14efaddc

SHA256
5714de939adc7893913ccb461ee42b95a6bf2a511d5f1d9ef0020d83128f3c83

SHA512
a86f2433f9357e8cf202a88e892f2160c057d53f793d6e5705f53072fd2076d0a0d4c475f52929c735e49d2dc5b5fe9101f03c28ad1a9290d299efb6247ce7b0

Download Submit
memory/368-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/448-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/808-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1028-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1096-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1112-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1348-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1364-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1404-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1412-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1584-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1920-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2308-27-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2340-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2436-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2572-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2600-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2692-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2796-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2860-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3024-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3372-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3588-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3808-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3956-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4000-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4464-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4500-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4536-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4872-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4948-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5156-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5164-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5248-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5328-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5360-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5380-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5392-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5440-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5488-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5608-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5624-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5660-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5668-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5828-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6016-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6032-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6056-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6064-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6072-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6220-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6472-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6536-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6612-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6808-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6840-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6888-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6960-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6968-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6992-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7008-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7076-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7152-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7192-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7200-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7208-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7324-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7476-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7508-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7516-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7816-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7992-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8008-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8016-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8024-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8040-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8064-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8072-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8104-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8132-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8332-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8344-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8352-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8360-311-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8756-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8764-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8792-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8844-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8884-323-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8916-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8932-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8940-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8948-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8992-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9000-321-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9056-322-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download