2449f196b1e25b775ce4ea85a9cb5e312df562ae9aa3d9f89904afa1cf6b41b5

Analysis

max time kernel
14s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 03:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Size

1.8MB
MD5

460fd0d2d9c16c0ce4aef30ec6ec0cf0
SHA1

f4622057fee985ef578f14a22b5936d50990ff5c
SHA256

2449f196b1e25b775ce4ea85a9cb5e312df562ae9aa3d9f89904afa1cf6b41b5
SHA512

57ac12fd40d5e292f1ecba2470cffe09c4ba1bc9fcfba4fba64d5a9e04f0ff247a196804089d74d9d2a7c20b5791a9de3a6625337b58483db7b246c5765fea81
SSDEEP

49152:hJ3I6U92O3FHJs0bQbi02V1MMcuYB6Qu3ndCco5IFrzzxQ1cSR1:f46U91Js0Qbi91MMcuwu3dg5qrPA1R1

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 25 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\M:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\N:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Q:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\R:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\S:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\X:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\B:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\L:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Z:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\V:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\W:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\E:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\K:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\J:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\P:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\T:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\U:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\Y:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\A:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\I:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\O:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\G:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File opened (read-only)	\??\H:	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\tyrkish nude bukkake hot (!) .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\malaysia xxx [bangbus] shower (Sarah,Kathrin).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\System32\DriverStore\Temp\bukkake several models glans bondage .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beastiality girls hole beautyfull .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black cumshot gang bang masturbation titts .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\handjob licking feet castration .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\cum voyeur castration (Jenna,Gina).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian horse public traffic .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian horse cumshot licking glans ash (Samantha,Sarah).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british beastiality full movie tß .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\kicking licking shower .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal bukkake public cock .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking lesbian sm .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Common Files\microsoft shared\spanish gang bang full movie wifey .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\dotnet\shared\spanish bukkake horse public mature .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake licking (Kathrin,Janette).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian hardcore [free] cock shoes (Janette).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\porn several models 40+ .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\norwegian sperm fucking several models nipples .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian sperm beast public nipples hairy .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\asian handjob handjob girls .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\horse beast hidden redhair .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american kicking hidden shoes (Ashley,Karin).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fetish hot (!) balls .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish horse lesbian licking cock beautyfull .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian fucking hidden .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Google\Temp\cumshot lingerie [bangbus] .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8898.tmp\lingerie sperm several models 40+ (Sarah,Melissa).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay horse licking penetration .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\blowjob hardcore several models (Christine).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse cumshot catfight (Jade).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\gang bang cumshot girls glans sweet (Janette).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\hardcore [bangbus] wifey (Ashley,Curtney).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black fucking handjob sleeping ash 40+ .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\beastiality masturbation .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\black trambling gay full movie .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\security\templates\danish cum big latex .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\horse fucking [free] titts blondie .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\xxx girls sweet (Jade,Tatjana).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\handjob horse catfight sm .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\japanese beast full movie (Sonja).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\blowjob sleeping (Sonja,Liz).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\chinese cum licking .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\british cum uncut castration .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\spanish trambling bukkake uncut mature .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\asian action uncut hole .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\InputMethod\SHARED\asian fetish lesbian .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian porn several models (Anniston,Britney).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\porn hidden boobs (Jade,Tatjana).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\handjob licking .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\gang bang handjob big titts (Gina,Jenna).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\british cumshot several models ash shoes .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\japanese fetish lesbian uncut (Ashley,Jade).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\spanish gay gay several models (Sonja,Melissa).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\british horse lesbian ash black hairunshaved .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\xxx lesbian hidden .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\norwegian handjob sperm catfight traffic .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\african horse nude hidden titts black hairunshaved (Jenna,Tatjana).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\black action lesbian nipples .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SoftwareDistribution\Download\italian lesbian bukkake several models .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\danish blowjob action [bangbus] beautyfull .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\indian handjob beast [free] mistress (Sylvia).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\blowjob several models .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\horse hidden ash .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\brasilian action catfight .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\spanish cumshot kicking [milf] bondage (Sandy,Gina).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\african trambling [milf] titts .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french action lesbian [free] black hairunshaved (Sandy,Tatjana).avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\british animal sperm hidden .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\german beastiality [bangbus] bedroom (Jenna).rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\lesbian hot (!) bedroom (Sonja,Karin).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\swedish lesbian licking .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\spanish trambling hot (!) titts .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\CbsTemp\african kicking beast [bangbus] beautyfull .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\canadian xxx hidden .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\japanese horse bukkake big vagina (Britney,Liz).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\black action big .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\american gay horse [bangbus] titts leather .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\Downloaded Program Files\canadian lesbian beastiality voyeur (Anniston,Tatjana).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british trambling trambling masturbation stockings .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\french gang bang nude [free] hole beautyfull .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\tmp\gay beast uncut legs .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\spanish cumshot hardcore full movie wifey (Sandy,Britney).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\assembly\temp\german horse catfight .mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\german action [milf] (Samantha).mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\spanish beastiality sleeping .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\canadian trambling xxx several models ash boots .rar.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\brasilian bukkake hot (!) circumcision (Ashley).zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\bukkake full movie girly .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\russian cumshot beast girls mature (Janette).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\blowjob hidden nipples .avi.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\mssrv.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\trambling full movie .zip.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse fucking [free] redhair (Britney).mpg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german fucking fucking catfight vagina .mpeg.exe	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3660	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3660	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
544	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
544	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2284	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
2284	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
952	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
952	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3656	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3656	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4020	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4020	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4320	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
4320	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1592	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
1592	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2716 wrote to memory of 1004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	87
PID 2716 wrote to memory of 1004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	87
PID 2716 wrote to memory of 1004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	87
PID 2716 wrote to memory of 1768	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	92
PID 2716 wrote to memory of 1768	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	92
PID 2716 wrote to memory of 1768	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	92
PID 1004 wrote to memory of 4692	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	93
PID 1004 wrote to memory of 4692	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	93
PID 1004 wrote to memory of 4692	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	93
PID 1768 wrote to memory of 2404	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	95
PID 1768 wrote to memory of 2404	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	95
PID 1768 wrote to memory of 2404	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	95
PID 2716 wrote to memory of 116	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	96
PID 2716 wrote to memory of 116	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	96
PID 2716 wrote to memory of 116	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	96
PID 1004 wrote to memory of 3636	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	97
PID 1004 wrote to memory of 3636	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	97
PID 1004 wrote to memory of 3636	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	97
PID 4692 wrote to memory of 3256	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	98
PID 4692 wrote to memory of 3256	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	98
PID 4692 wrote to memory of 3256	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	98
PID 2404 wrote to memory of 544	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	99
PID 2404 wrote to memory of 544	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	99
PID 2404 wrote to memory of 544	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	99
PID 1768 wrote to memory of 3660	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	100
PID 1768 wrote to memory of 3660	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	100
PID 1768 wrote to memory of 3660	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	100
PID 2716 wrote to memory of 4004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	101
PID 2716 wrote to memory of 4004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	101
PID 2716 wrote to memory of 4004	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	101
PID 1004 wrote to memory of 2284	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	102
PID 1004 wrote to memory of 2284	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	102
PID 1004 wrote to memory of 2284	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	102
PID 116 wrote to memory of 952	116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	103
PID 116 wrote to memory of 952	116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	103
PID 116 wrote to memory of 952	116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	103
PID 4692 wrote to memory of 3656	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	104
PID 4692 wrote to memory of 3656	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	104
PID 4692 wrote to memory of 3656	4692	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	104
PID 3636 wrote to memory of 4020	3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	105
PID 3636 wrote to memory of 4020	3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	105
PID 3636 wrote to memory of 4020	3636	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	105
PID 3256 wrote to memory of 4320	3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	106
PID 3256 wrote to memory of 4320	3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	106
PID 3256 wrote to memory of 4320	3256	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	106
PID 2404 wrote to memory of 4624	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	108
PID 2404 wrote to memory of 4624	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	108
PID 2404 wrote to memory of 4624	2404	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	108
PID 1768 wrote to memory of 1592	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	109
PID 1768 wrote to memory of 1592	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	109
PID 1768 wrote to memory of 1592	1768	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	109
PID 2716 wrote to memory of 5040	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	110
PID 2716 wrote to memory of 5040	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	110
PID 2716 wrote to memory of 5040	2716	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	110
PID 4004 wrote to memory of 1664	4004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	111
PID 4004 wrote to memory of 1664	4004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	111
PID 4004 wrote to memory of 1664	4004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	111
PID 3660 wrote to memory of 1068	3660	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	112
PID 3660 wrote to memory of 1068	3660	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	112
PID 3660 wrote to memory of 1068	3660	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	112
PID 1004 wrote to memory of 4044	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	113
PID 1004 wrote to memory of 4044	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	113
PID 1004 wrote to memory of 4044	1004	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	113
PID 116 wrote to memory of 3524	116	460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe	114

C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
"C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2716
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1004
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4692
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3256
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4320
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13564
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5492
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:15556
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:17840
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13492
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:9116
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:2128
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13972
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15640
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15840
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5860
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13696
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8156
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11304
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15232
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3656
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4460
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5468
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13868
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:17636
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5900
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8180
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11252
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13448
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      PID:992
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5420
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5644
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11832
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15244
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13964
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13904
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11356
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15508
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13796
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11260
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13764
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4020
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4232
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15664
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5484
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11660
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15252
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8148
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:14560
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      PID:1324
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5360
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15260
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15432
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13160
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11296
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13772
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5812
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:17620
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8100
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13656
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11332
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:14748
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2284
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13524
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5460
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13540
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13432
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13744
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8140
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11280
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13980
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    PID:4044
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5388
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13532
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15084
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8356
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13928
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5200
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13836
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5572
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15316
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13580
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:8056
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:12748
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:2392
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:14488
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1768
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2404
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:544
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5452
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5676
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:11800
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:13828
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        7⤵
        
        PID:12944
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:4868
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15092
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15532
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13556
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13852
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13704
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:9616
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:4960
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5160
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15376
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11776
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:14756
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5764
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:7984
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11348
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16648
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13844
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13336
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:14300
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      Checks computer location settings
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:11816
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:15424
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:8108
      - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        6⤵
        
        PID:13136
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3244
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15224
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5180
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5556
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15656
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15596
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11340
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13920
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:15548
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5508
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5724
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:14732
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:7620
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13500
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:9652
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13884
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:1508
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13508
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:17604
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5732
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15744
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:7612
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13464
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:17652
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:11216
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:13876
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:116
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:952
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4356
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5476
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13860
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:17628
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13788
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    PID:3524
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13612
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11824
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:16640
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:12192
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:17596
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:4260
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13780
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5224
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13440
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5580
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11640
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15680
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5796
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15672
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:8064
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13408
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:11288
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:13756
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    - Checks computer location settings
    PID:1664
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5436
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13820
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:17588
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:11612
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:8132
    - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
        5⤵
        
        PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11248
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13956
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13588
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5564
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15072
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5780
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15100
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13640
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9608
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:1088
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:13912
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  - Checks computer location settings
  PID:5040
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5152
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13892
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:13812
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:5756
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:11808
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:15148
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:7712
  - - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
      "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
      4⤵
      PID:1812
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:9948
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:8092
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:14452
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:5144
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:15648
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:5532
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:11792
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:16160
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:5748
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:15580
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:7976
- - C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
    "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
    3⤵
    PID:13572
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:11312
- C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe
  "C:\Users\Admin\AppData\Local\Temp\460fd0d2d9c16c0ce4aef30ec6ec0cf0N.exe"
  2⤵
  PID:15632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian sperm beast public nipples hairy .zip.exe

Filesize
120KB

MD5
c3b7732a181a640ef5b8f048f735cdd6

SHA1
bfdc8d7143229b77e2a2795968ff49e13785f4b3

SHA256
6d428b0f6baded4b5b74d836f5751558a9c215c5e414c242752beff0560ea32e

SHA512
3074db495431a27b30c5f43512bf9beb3e1c06b8ecfb3beccb48d834264dcbee4417752fc95bd4f33b05ee79ceb6ee44f47c81914da07391bbb5191065a95aa8

Download Submit