fda2e11a71dedf7ecc3ab7fa2eb181ea0dc3ba856842de99d95f08f4252611e5

Analysis

max time kernel
15s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 04:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e420d4b113dc1794099f3abcaad68c0N.exe
Size

1.1MB
MD5

4e420d4b113dc1794099f3abcaad68c0
SHA1

1dec72c2e4dd083b0217810807613a186b38409a
SHA256

fda2e11a71dedf7ecc3ab7fa2eb181ea0dc3ba856842de99d95f08f4252611e5
SHA512

e4c31219d043a3d702cbcf29c9df5ae553c8998ec48c98a802cda963ef301c292d53104e66efb0ab8e41d7123651740c4952b3212b041d79e930e6c542afaf9f
SSDEEP

24576:SM26fscPi66t0geCzgLFuxF7kwkqx3EXcELsRgeUCFtk5coiRHMbZ5i:O6fscPV6bzgLFENkDqxU4UCfk8RHMS

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	4e420d4b113dc1794099f3abcaad68c0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/916-0-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/files/0x000700000002344d-5.dat	upx
behavioral2/memory/668-72-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2616-166-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2912-165-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3592-184-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1564-186-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4012-185-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5008-187-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5072-188-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4448-189-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3800-191-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3132-190-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2312-192-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1856-194-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/448-195-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/916-193-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4872-197-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/668-196-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4200-202-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2612-201-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2912-199-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2616-200-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/396-207-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1564-206-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4012-205-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3592-203-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4108-204-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1364-211-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3264-210-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3392-216-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4448-215-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4588-214-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3012-213-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5072-212-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5008-208-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1732-209-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3132-217-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1140-219-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3800-218-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2312-220-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3404-221-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/448-223-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/1856-222-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5028-224-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2620-226-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4872-225-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3464-229-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4200-228-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2612-227-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4108-233-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5136-250-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5160-253-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3404-257-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5152-252-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/5144-251-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3392-249-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3752-248-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4588-247-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3012-246-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2428-245-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/3444-244-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/2640-243-0x0000000000400000-0x000000000041F000-memory.dmp	upx
behavioral2/memory/4068-242-0x0000000000400000-0x000000000041F000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	4e420d4b113dc1794099f3abcaad68c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\N:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\T:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\E:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\G:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\U:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\Q:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\S:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\I:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\L:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\V:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\Y:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\A:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\H:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\M:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\O:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\P:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\R:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\W:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\X:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\B:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\J:	4e420d4b113dc1794099f3abcaad68c0N.exe
File opened (read-only)	\??\Z:	4e420d4b113dc1794099f3abcaad68c0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\russian cum gay hot (!) swallow .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian action trambling [free] hole .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese kicking lingerie catfight titts bedroom (Janette).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie public hole (Sonja,Samantha).mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american animal blowjob lesbian feet .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian gang bang horse hot (!) titts .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\gay [milf] cock hotel .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian nude lingerie hot (!) mistress (Kathrin,Janette).avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian kicking beast [free] titts redhair (Melissa).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian fetish blowjob lesbian hole hairy .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian animal lingerie masturbation (Tatjana).avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian cum lingerie catfight ¼ë .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish handjob trambling public hole ash .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian handjob sperm [milf] beautyfull .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\beast uncut .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\dotnet\shared\tyrkish nude gay licking hotel .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american cumshot hardcore big bedroom .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\xxx hot (!) blondie .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\tyrkish cum lesbian public stockings .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\beast public latex .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian horse blowjob catfight bondage .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\italian porn fucking masturbation feet lady .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish animal hardcore several models .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german xxx voyeur .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish fetish trambling girls titts latex .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx [free] cock penetration (Jade).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian action bukkake hot (!) fishy .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie [milf] cock sm (Melissa).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian full movie mature .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\swedish cum hardcore masturbation bedroom .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\chinese gay hot (!) glans shower .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\canadian trambling licking hole ejaculation .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\blowjob hot (!) titts sm (Sarah).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\swedish handjob hardcore several models .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\spanish beast [bangbus] feet traffic .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\porn horse [free] (Tatjana).zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\african trambling [milf] .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse [bangbus] young .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\asian horse sleeping glans .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cum lesbian [milf] cock ejaculation (Janette).zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\norwegian beast public .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\african beast [free] high heels .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian xxx hot (!) .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\chinese fucking masturbation boots (Jenna,Samantha).avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\handjob fucking uncut titts .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\assembly\tmp\fucking catfight cock (Anniston,Samantha).avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish handjob gay several models (Tatjana).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\indian nude horse [bangbus] .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\animal xxx sleeping 40+ .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\brasilian horse lingerie full movie cock 40+ .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\xxx public .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\chinese horse [free] .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\russian handjob trambling voyeur .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\trambling [milf] hole pregnant .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia horse public shoes .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cum xxx sleeping Ôï .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\malaysia xxx voyeur .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish kicking horse [bangbus] .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french trambling [milf] blondie .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\tyrkish handjob beast public .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\british beast catfight shoes (Gina,Karin).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie hidden pregnant .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish gang bang hardcore catfight castration .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\horse fucking big titts .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\asian beast [free] .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\chinese beast [free] (Janette).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\swedish beastiality bukkake licking hole .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\Downloaded Program Files\russian action beast [free] feet wifey (Curtney).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\horse beast uncut feet penetration .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\french gay masturbation feet .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\security\templates\danish horse hardcore girls cock .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\trambling hidden titts .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\kicking horse masturbation redhair .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\malaysia beast hot (!) .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\beastiality fucking hot (!) .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\japanese nude blowjob licking beautyfull .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\horse horse full movie cock .mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish kicking blowjob lesbian .mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\xxx public cock .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\indian beastiality blowjob sleeping hole gorgeoushorny (Janette).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\tyrkish cum gay girls hole wifey (Sylvia).mpg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\african fucking licking boots .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\african beast uncut (Liz).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\bukkake big (Liz).zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\mssrv.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\brasilian gang bang blowjob catfight (Liz).rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\black kicking horse several models hole (Anniston,Melissa).zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lingerie voyeur (Sylvia).mpeg.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african fucking hidden femdom (Sandy,Tatjana).avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black beastiality hardcore voyeur .avi.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\african fucking lesbian boots .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese cum fucking full movie traffic .zip.exe	4e420d4b113dc1794099f3abcaad68c0N.exe
File created	C:\Windows\PLA\Templates\japanese kicking bukkake voyeur feet mature .rar.exe	4e420d4b113dc1794099f3abcaad68c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
916	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
3592	4e420d4b113dc1794099f3abcaad68c0N.exe
3592	4e420d4b113dc1794099f3abcaad68c0N.exe
1564	4e420d4b113dc1794099f3abcaad68c0N.exe
1564	4e420d4b113dc1794099f3abcaad68c0N.exe
4012	4e420d4b113dc1794099f3abcaad68c0N.exe
4012	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
5008	4e420d4b113dc1794099f3abcaad68c0N.exe
5008	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
5072	4e420d4b113dc1794099f3abcaad68c0N.exe
5072	4e420d4b113dc1794099f3abcaad68c0N.exe
3592	4e420d4b113dc1794099f3abcaad68c0N.exe
3592	4e420d4b113dc1794099f3abcaad68c0N.exe
4448	4e420d4b113dc1794099f3abcaad68c0N.exe
4448	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
2912	4e420d4b113dc1794099f3abcaad68c0N.exe
3800	4e420d4b113dc1794099f3abcaad68c0N.exe
3800	4e420d4b113dc1794099f3abcaad68c0N.exe
3132	4e420d4b113dc1794099f3abcaad68c0N.exe
3132	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
916	4e420d4b113dc1794099f3abcaad68c0N.exe
2312	4e420d4b113dc1794099f3abcaad68c0N.exe
2312	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
668	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
2616	4e420d4b113dc1794099f3abcaad68c0N.exe
1856	4e420d4b113dc1794099f3abcaad68c0N.exe
1856	4e420d4b113dc1794099f3abcaad68c0N.exe
448	4e420d4b113dc1794099f3abcaad68c0N.exe
448	4e420d4b113dc1794099f3abcaad68c0N.exe
4872	4e420d4b113dc1794099f3abcaad68c0N.exe
4872	4e420d4b113dc1794099f3abcaad68c0N.exe
1564	4e420d4b113dc1794099f3abcaad68c0N.exe
1564	4e420d4b113dc1794099f3abcaad68c0N.exe
4012	4e420d4b113dc1794099f3abcaad68c0N.exe
4012	4e420d4b113dc1794099f3abcaad68c0N.exe
5008	4e420d4b113dc1794099f3abcaad68c0N.exe
5008	4e420d4b113dc1794099f3abcaad68c0N.exe
4200	4e420d4b113dc1794099f3abcaad68c0N.exe
4200	4e420d4b113dc1794099f3abcaad68c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 916 wrote to memory of 668	916	4e420d4b113dc1794099f3abcaad68c0N.exe	87
PID 916 wrote to memory of 668	916	4e420d4b113dc1794099f3abcaad68c0N.exe	87
PID 916 wrote to memory of 668	916	4e420d4b113dc1794099f3abcaad68c0N.exe	87
PID 668 wrote to memory of 2912	668	4e420d4b113dc1794099f3abcaad68c0N.exe	92
PID 668 wrote to memory of 2912	668	4e420d4b113dc1794099f3abcaad68c0N.exe	92
PID 668 wrote to memory of 2912	668	4e420d4b113dc1794099f3abcaad68c0N.exe	92
PID 916 wrote to memory of 2616	916	4e420d4b113dc1794099f3abcaad68c0N.exe	93
PID 916 wrote to memory of 2616	916	4e420d4b113dc1794099f3abcaad68c0N.exe	93
PID 916 wrote to memory of 2616	916	4e420d4b113dc1794099f3abcaad68c0N.exe	93
PID 2912 wrote to memory of 3592	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	94
PID 2912 wrote to memory of 3592	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	94
PID 2912 wrote to memory of 3592	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	94
PID 916 wrote to memory of 4012	916	4e420d4b113dc1794099f3abcaad68c0N.exe	95
PID 916 wrote to memory of 4012	916	4e420d4b113dc1794099f3abcaad68c0N.exe	95
PID 916 wrote to memory of 4012	916	4e420d4b113dc1794099f3abcaad68c0N.exe	95
PID 2616 wrote to memory of 1564	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	96
PID 2616 wrote to memory of 1564	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	96
PID 2616 wrote to memory of 1564	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	96
PID 668 wrote to memory of 5008	668	4e420d4b113dc1794099f3abcaad68c0N.exe	97
PID 668 wrote to memory of 5008	668	4e420d4b113dc1794099f3abcaad68c0N.exe	97
PID 668 wrote to memory of 5008	668	4e420d4b113dc1794099f3abcaad68c0N.exe	97
PID 3592 wrote to memory of 5072	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	99
PID 3592 wrote to memory of 5072	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	99
PID 3592 wrote to memory of 5072	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	99
PID 2912 wrote to memory of 4448	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	100
PID 2912 wrote to memory of 4448	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	100
PID 2912 wrote to memory of 4448	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	100
PID 668 wrote to memory of 3132	668	4e420d4b113dc1794099f3abcaad68c0N.exe	101
PID 668 wrote to memory of 3132	668	4e420d4b113dc1794099f3abcaad68c0N.exe	101
PID 668 wrote to memory of 3132	668	4e420d4b113dc1794099f3abcaad68c0N.exe	101
PID 916 wrote to memory of 3800	916	4e420d4b113dc1794099f3abcaad68c0N.exe	102
PID 916 wrote to memory of 3800	916	4e420d4b113dc1794099f3abcaad68c0N.exe	102
PID 916 wrote to memory of 3800	916	4e420d4b113dc1794099f3abcaad68c0N.exe	102
PID 2616 wrote to memory of 2312	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	103
PID 2616 wrote to memory of 2312	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	103
PID 2616 wrote to memory of 2312	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	103
PID 1564 wrote to memory of 448	1564	4e420d4b113dc1794099f3abcaad68c0N.exe	104
PID 1564 wrote to memory of 448	1564	4e420d4b113dc1794099f3abcaad68c0N.exe	104
PID 1564 wrote to memory of 448	1564	4e420d4b113dc1794099f3abcaad68c0N.exe	104
PID 4012 wrote to memory of 1856	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	105
PID 4012 wrote to memory of 1856	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	105
PID 4012 wrote to memory of 1856	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	105
PID 5008 wrote to memory of 4872	5008	4e420d4b113dc1794099f3abcaad68c0N.exe	106
PID 5008 wrote to memory of 4872	5008	4e420d4b113dc1794099f3abcaad68c0N.exe	106
PID 5008 wrote to memory of 4872	5008	4e420d4b113dc1794099f3abcaad68c0N.exe	106
PID 3592 wrote to memory of 2612	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	107
PID 3592 wrote to memory of 2612	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	107
PID 3592 wrote to memory of 2612	3592	4e420d4b113dc1794099f3abcaad68c0N.exe	107
PID 2912 wrote to memory of 4200	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	108
PID 2912 wrote to memory of 4200	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	108
PID 2912 wrote to memory of 4200	2912	4e420d4b113dc1794099f3abcaad68c0N.exe	108
PID 916 wrote to memory of 4108	916	4e420d4b113dc1794099f3abcaad68c0N.exe	109
PID 916 wrote to memory of 4108	916	4e420d4b113dc1794099f3abcaad68c0N.exe	109
PID 916 wrote to memory of 4108	916	4e420d4b113dc1794099f3abcaad68c0N.exe	109
PID 668 wrote to memory of 396	668	4e420d4b113dc1794099f3abcaad68c0N.exe	111
PID 668 wrote to memory of 396	668	4e420d4b113dc1794099f3abcaad68c0N.exe	111
PID 668 wrote to memory of 396	668	4e420d4b113dc1794099f3abcaad68c0N.exe	111
PID 2616 wrote to memory of 1732	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	112
PID 2616 wrote to memory of 1732	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	112
PID 2616 wrote to memory of 1732	2616	4e420d4b113dc1794099f3abcaad68c0N.exe	112
PID 4012 wrote to memory of 3264	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	113
PID 4012 wrote to memory of 3264	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	113
PID 4012 wrote to memory of 3264	4012	4e420d4b113dc1794099f3abcaad68c0N.exe	113
PID 1564 wrote to memory of 1364	1564	4e420d4b113dc1794099f3abcaad68c0N.exe	114

C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
"C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:916
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:668
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2912
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:5072
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:9248
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        9⤵
        
        PID:12236
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:13872
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:19340
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:6696
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:13688
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9700
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:11616
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:7508
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:22552
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:14268
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:19332
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:6468
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:17420
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:11672
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23912
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13124
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18332
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:7108
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:10560
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22672
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18348
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23460
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13100
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17072
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:19220
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12040
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13092
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:3392
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9724
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:23904
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:12964
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:18388
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:6688
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:15616
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22376
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9692
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22624
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:2640
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9956
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14196
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:20860
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6460
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:11556
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13156
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:5116
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4200
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9464
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:20868
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:16996
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10376
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22568
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17540
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8728
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:11272
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13172
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17428
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:21372
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12156
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17556
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5008
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4872
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:2620
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9764
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:22560
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:4256
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:18540
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:13644
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:18340
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22680
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13020
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17248
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:4396
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22696
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14084
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6532
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:11196
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13212
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17476
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:12216
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17272
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:4588
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:5252
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23636
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13028
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18532
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6984
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:19212
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7476
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:20896
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12148
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13108
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8132
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:15564
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:23404
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6516
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:11220
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13044
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8264
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:2240
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17280
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3132
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9916
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23644
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:4740
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13636
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18508
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:12224
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:2348
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9476
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:10116
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14164
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19252
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6580
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:11444
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13164
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17468
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8272
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12048
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12980
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17240
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:396
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6036
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22616
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:1860
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:18364
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:9784
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10044
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18300
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:5144
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:7516
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:22416
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14276
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:19324
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:6500
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13196
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17452
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:8236
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:22424
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:11644
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:13140
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17548
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:448
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        8⤵
        
        PID:22608
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:13316
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:13652
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:18324
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22584
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:4608
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18316
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:3420
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:5220
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23652
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14236
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:11204
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17492
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:23308
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13036
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:1364
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:10384
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22632
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13300
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13680
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:17356
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10360
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22600
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14188
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19308
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6476
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17080
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8220
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:23396
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13116
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18524
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2312
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6104
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9708
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:22664
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:20996
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7232
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:20876
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22648
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12020
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17508
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:12176
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19268
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6540
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17532
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:22940
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12140
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13052
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18372
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:1732
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:23620
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:18516
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13660
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:15576
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:22688
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12956
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18356
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:5136
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:6324
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14220
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:19228
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:11212
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17484
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14108
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:11652
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:13132
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17516
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4012
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1856
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:3464
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        7⤵
        
        PID:23888
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:13832
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:18968
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:23896
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13284
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9308
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:23612
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14244
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:20500
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6572
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:22544
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17104
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:3264
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9740
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:22656
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:7208
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14988
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:9996
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:23628
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:12944
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18380
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:5128
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8844
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:23584
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:20484
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:6508
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:10280
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13252
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:17344
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:8228
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:22432
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:11660
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:13012
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17140
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3800
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:228
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        6⤵
        
        PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14292
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:6728
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:3460
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:17524
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:9776
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:22592
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:1156
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18308
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:23604
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14260
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:19204
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:6552
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:10524
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13228
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18428
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:8304
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:22576
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:11960
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:13004
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17264
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:4108
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
        5⤵
        
        PID:19360
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:14996
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:20508
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:9272
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:10028
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:1380
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17100
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:5152
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
      4⤵
      PID:23576
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:14228
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:19276
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:6492
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:10712
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:13204
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:17436
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:8212
- - C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
    3⤵
    PID:5604
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:11568
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:13148
- C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\4e420d4b113dc1794099f3abcaad68c0N.exe"
  2⤵
  PID:17500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian action bukkake hot (!) fishy .zip.exe

Filesize
1.9MB

MD5
59d0038442d4d97a955943a8998ef050

SHA1
61d8e7c3dcd1446fdb407094f93d9e966a5923db

SHA256
23c6e02b533ef41794c7f3f779b77f19033a47ad3cce0efdc3c08ef51a15108c

SHA512
ed1e57104fd1522d2d0241e4f1c98fefbcf6af5542bfb81a93c98fd65275ba27c107682f31f5249918a31127b43496582dbce3a9c980f0c669f1f99c97dc289f

Download Submit
C:\debug.txt

Filesize
146B

MD5
58ab14a9421a1a535d2a7862ce0411e2

SHA1
3f2fa7268d15d9a192705b0e1736832d82919a6c

SHA256
a91ec5b83f4c72a8389ad4a8e2c66702779e2c914f10f4014251457a0dd50a3a

SHA512
c1be622556cd1fb5cdd0d43a0a0d8209179987b684db4977866a61327e5da4605155e9174b16a5c03d1dd1abfc235b64489eaa2d3240e4fcc386939ebb803f2e

Download Submit
memory/228-254-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/396-207-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/396-234-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/448-223-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/448-195-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/668-72-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/668-196-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/916-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/916-193-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1140-219-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1140-255-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1364-239-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1364-211-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1548-274-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1564-206-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1564-186-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1732-237-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1732-209-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1856-222-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1856-194-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2312-220-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2312-192-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-245-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2428-275-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2612-227-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2612-201-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2616-200-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2616-166-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2620-260-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2620-226-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2640-243-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2640-266-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2912-165-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2912-199-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-264-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2988-235-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3012-213-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3012-246-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3132-217-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3132-190-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3264-238-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3264-210-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3392-249-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3392-216-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3404-257-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3404-221-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3420-240-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3420-268-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3444-244-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3444-271-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3464-229-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3464-262-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3592-184-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3592-203-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3752-248-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3752-277-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3800-191-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3800-218-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/3996-256-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4012-185-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4012-205-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4068-270-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4068-242-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4108-233-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4108-204-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4200-202-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4200-228-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4396-236-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4396-265-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4448-215-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4448-189-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4588-214-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4588-247-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4784-269-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4784-241-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4872-225-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/4872-197-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5008-187-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5008-208-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5028-224-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5028-258-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5072-188-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5072-212-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5128-279-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5136-280-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5136-250-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5144-251-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5152-252-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5160-253-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5988-259-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/5996-261-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6036-263-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6096-267-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6104-272-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6124-273-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/6136-276-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download