18f78a9b4f8bd635345cea1e9737ad916903a1710dd901fafa117e19b3f59b95

Analysis

max time kernel
11s
max time network
8s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 10:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab3d97e81ba84836d7a764a1f9cee210N.exe
Size

1.9MB
MD5

ab3d97e81ba84836d7a764a1f9cee210
SHA1

3b4926a092731a4db30d664e93fba3ab26e388a1
SHA256

18f78a9b4f8bd635345cea1e9737ad916903a1710dd901fafa117e19b3f59b95
SHA512

b674cc46fa2f04c55999cde7661a537ee99896c6fd51ee3d339b2e7c37c93bb26d9ec5616e843886543b7735deeddf6eb757624681a97c62827aadb9beb777d6
SSDEEP

24576:86oSB4FgwHOTMyLPC9kbDrr6nwfXKBbpUzv9RTU1Xye4T+rs8Cq7eeJDTLIcdg4W:5OFgPjC2n6wPMKaXy1EX/Icl+0ECT260

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	ab3d97e81ba84836d7a764a1f9cee210N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	ab3d97e81ba84836d7a764a1f9cee210N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\O:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Q:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\S:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\W:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Z:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\B:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\E:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\K:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\P:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\R:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\U:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\Y:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\A:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\L:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\M:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\N:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\G:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\I:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\T:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\V:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\X:	ab3d97e81ba84836d7a764a1f9cee210N.exe
File opened (read-only)	\??\H:	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\malaysia beast lesbian boots (Jenna).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\fetish xxx [milf] (Sylvia,Jade).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal girls young .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black horse lingerie voyeur high heels .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\spanish nude public YEâPSè& (Liz,Ashley).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum cum sleeping hole hairy .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling hot (!) penetration .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\System32\DriverStore\Temp\gay [bangbus] cock shower .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fetish beast masturbation feet .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian cumshot hardcore masturbation .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\FxsTmp\beast horse voyeur redhair .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british sperm beastiality big titts circumcision (Sonja,Sarah).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian action sperm voyeur boobs hotel .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\porn cum voyeur titts boots (Britney).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\trambling nude sleeping high heels .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Google\Update\Download\italian lesbian cumshot big penetration (Ashley,Gina).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish xxx catfight (Gina,Melissa).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\hardcore lesbian .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\horse beastiality [free] boobs bondage .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\cum lesbian (Gina).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Common Files\microsoft shared\canadian porn sleeping nipples .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\lesbian cumshot [milf] hole .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\spanish beastiality sperm girls sweet .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\gang bang hot (!) circumcision .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian animal lesbian masturbation glans sm .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\canadian beastiality hidden .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\dotnet\shared\chinese xxx bukkake sleeping fishy .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cum lesbian stockings .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american bukkake lesbian (Britney,Sonja).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\assembly\temp\fucking trambling several models 40+ .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Downloaded Program Files\japanese horse several models nipples .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\african kicking fetish voyeur mature (Sonja).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\canadian porn hot (!) titts balls .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\tmp\danish xxx full movie feet pregnant (Kathrin,Sandy).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\lingerie sleeping (Anniston).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SoftwareDistribution\Download\black trambling cumshot [bangbus] .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\nude hot (!) hairy .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\spanish lesbian [bangbus] ash .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\british handjob big redhair .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\indian beastiality bukkake girls cock high heels .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\sperm nude licking feet sweet .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\CbsTemp\african horse hardcore public .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\fucking full movie (Anniston).rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\horse porn [free] ash penetration .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\trambling [bangbus] 50+ .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian fucking [milf] swallow (Melissa,Anniston).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\handjob horse [free] pregnant .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\horse cum girls boobs .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish horse lingerie big traffic .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish porn big nipples .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\kicking big .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\security\templates\kicking voyeur ash (Samantha).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\fetish fucking several models ash (Sonja).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\chinese beastiality kicking masturbation shower (Curtney,Samantha).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\chinese fetish fetish public .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\mssrv.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\american cumshot uncut (Melissa).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian cum hot (!) swallow .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gang bang cum several models upskirt .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\beastiality girls traffic .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\black kicking beast hot (!) redhair .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\fetish beast big circumcision .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beastiality kicking big bondage .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\blowjob full movie (Anniston).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\PLA\Templates\chinese nude masturbation girly (Janette).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\cum hidden leather .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gay [free] .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\african nude nude hidden ash .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british action kicking lesbian hole (Jenna,Samantha).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\action beast [milf] (Melissa).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\malaysia handjob trambling sleeping .avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\nude fucking public .zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\russian horse gay several models ash (Christine).mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\beast sperm licking (Curtney).zip.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\malaysia beastiality lesbian [bangbus] castration (Tatjana).mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\InputMethod\SHARED\malaysia porn girls boobs .mpeg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\trambling voyeur hotel .rar.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\chinese fucking [free] glans redhair .mpg.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\lesbian catfight (Jade,Sonja).avi.exe	ab3d97e81ba84836d7a764a1f9cee210N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
2888	ab3d97e81ba84836d7a764a1f9cee210N.exe
2888	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
1424	ab3d97e81ba84836d7a764a1f9cee210N.exe
1424	ab3d97e81ba84836d7a764a1f9cee210N.exe
3836	ab3d97e81ba84836d7a764a1f9cee210N.exe
3836	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
864	ab3d97e81ba84836d7a764a1f9cee210N.exe
4548	ab3d97e81ba84836d7a764a1f9cee210N.exe
4548	ab3d97e81ba84836d7a764a1f9cee210N.exe
2340	ab3d97e81ba84836d7a764a1f9cee210N.exe
2340	ab3d97e81ba84836d7a764a1f9cee210N.exe
2888	ab3d97e81ba84836d7a764a1f9cee210N.exe
2888	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
2184	ab3d97e81ba84836d7a764a1f9cee210N.exe
2228	ab3d97e81ba84836d7a764a1f9cee210N.exe
2228	ab3d97e81ba84836d7a764a1f9cee210N.exe
3996	ab3d97e81ba84836d7a764a1f9cee210N.exe
3996	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe
3816	ab3d97e81ba84836d7a764a1f9cee210N.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 864	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	87
PID 2184 wrote to memory of 864	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	87
PID 2184 wrote to memory of 864	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	87
PID 864 wrote to memory of 3816	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	90
PID 864 wrote to memory of 3816	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	90
PID 864 wrote to memory of 3816	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	90
PID 2184 wrote to memory of 2888	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	91
PID 2184 wrote to memory of 2888	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	91
PID 2184 wrote to memory of 2888	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	91
PID 3816 wrote to memory of 1424	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	94
PID 3816 wrote to memory of 1424	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	94
PID 3816 wrote to memory of 1424	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	94
PID 864 wrote to memory of 3836	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	95
PID 864 wrote to memory of 3836	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	95
PID 864 wrote to memory of 3836	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	95
PID 2888 wrote to memory of 2340	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	96
PID 2888 wrote to memory of 2340	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	96
PID 2888 wrote to memory of 2340	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	96
PID 2184 wrote to memory of 4548	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	97
PID 2184 wrote to memory of 4548	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	97
PID 2184 wrote to memory of 4548	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	97
PID 3816 wrote to memory of 3996	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	99
PID 3816 wrote to memory of 3996	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	99
PID 3816 wrote to memory of 3996	3816	ab3d97e81ba84836d7a764a1f9cee210N.exe	99
PID 864 wrote to memory of 2228	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	100
PID 864 wrote to memory of 2228	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	100
PID 864 wrote to memory of 2228	864	ab3d97e81ba84836d7a764a1f9cee210N.exe	100
PID 3836 wrote to memory of 4628	3836	ab3d97e81ba84836d7a764a1f9cee210N.exe	101
PID 3836 wrote to memory of 4628	3836	ab3d97e81ba84836d7a764a1f9cee210N.exe	101
PID 3836 wrote to memory of 4628	3836	ab3d97e81ba84836d7a764a1f9cee210N.exe	101
PID 1424 wrote to memory of 2632	1424	ab3d97e81ba84836d7a764a1f9cee210N.exe	102
PID 1424 wrote to memory of 2632	1424	ab3d97e81ba84836d7a764a1f9cee210N.exe	102
PID 1424 wrote to memory of 2632	1424	ab3d97e81ba84836d7a764a1f9cee210N.exe	102
PID 2888 wrote to memory of 4776	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	103
PID 2888 wrote to memory of 4776	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	103
PID 2888 wrote to memory of 4776	2888	ab3d97e81ba84836d7a764a1f9cee210N.exe	103
PID 2184 wrote to memory of 2880	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	104
PID 2184 wrote to memory of 2880	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	104
PID 2184 wrote to memory of 2880	2184	ab3d97e81ba84836d7a764a1f9cee210N.exe	104
PID 2340 wrote to memory of 3116	2340	ab3d97e81ba84836d7a764a1f9cee210N.exe	105
PID 2340 wrote to memory of 3116	2340	ab3d97e81ba84836d7a764a1f9cee210N.exe	105
PID 2340 wrote to memory of 3116	2340	ab3d97e81ba84836d7a764a1f9cee210N.exe	105
PID 4548 wrote to memory of 1328	4548	ab3d97e81ba84836d7a764a1f9cee210N.exe	106
PID 4548 wrote to memory of 1328	4548	ab3d97e81ba84836d7a764a1f9cee210N.exe	106
PID 4548 wrote to memory of 1328	4548	ab3d97e81ba84836d7a764a1f9cee210N.exe	106

C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
"C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:864
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2632
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:5616
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        9⤵
        
        PID:15684
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:14728
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:20140
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15184
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:12932
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9648
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13148
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5520
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:20708
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13772
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14996
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15572
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:19684
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13112
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5832
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1172
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:17144
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16172
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7520
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10084
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10016
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:18832
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7040
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13588
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12984
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7096
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17068
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8760
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12408
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1604
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3996
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5048
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5600
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        8⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11772
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:19512
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9864
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13180
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13572
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18680
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12696
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13140
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5956
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6596
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17132
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8844
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12488
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:17764
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2932
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5140
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6708
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12152
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12808
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:3480
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6520
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8628
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16628
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3844
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17124
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8884
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:17840
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6372
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11800
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1256
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3836
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:13564
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:18584
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7576
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15152
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:9124
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:10644
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15128
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9540
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7016
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14064
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:19232
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9472
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12752
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:2064
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14028
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9144
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11916
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:4560
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7272
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:14984
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15576
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:19676
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6088
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13688
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:18688
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9448
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13104
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5792
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6980
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9504
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:19692
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13080
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8688
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12476
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:17680
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2228
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3580
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:7596
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:15724
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12312
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7032
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14448
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:19656
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9464
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12976
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13096
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5940
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15144
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9528
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:20684
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5292
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:17116
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9132
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:17976
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4924
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5204
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6840
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12700
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:1472
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3952
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:244
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3812
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:3640
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:18556
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8952
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2896
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:2016
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:11988
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:16364
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2888
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2340
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2236
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:11340
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:16124
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:8252
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:17160
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11472
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16256
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:6408
        
        C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        7⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12636
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7552
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15312
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10244
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:19504
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1756
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11312
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:15800
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8164
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:4476
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15408
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7992
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:932
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15176
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15476
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7264
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9628
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:19832
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8072
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1148
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11680
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:16548
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:7964
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10768
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15168
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15812
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:5876
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8928
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15200
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4616
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:3400
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14368
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:772
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4076
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10968
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:20700
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8260
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:13684
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:5636
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:17168
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:11572
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16348
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7224
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14564
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:19668
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:9604
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:13156
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7428
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4548
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:11688
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:460
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:8364
      - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11580
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15432
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10628
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:14944
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:16944
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4940
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6264
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12120
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8172
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:16264
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10744
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15160
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9728
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:5856
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:12760
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:1320
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15080
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15680
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:13976
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:18968
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:4872
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
        5⤵
        
        PID:15780
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10832
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15440
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:5848
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:18636
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7608
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15392
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10068
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10156
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:14304
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:19292
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:2148
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6004
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:10976
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:15416
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:20692
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:8048
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10636
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:15136
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10064
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:5628
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:7948
  - - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
      "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
      4⤵
      PID:17184
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:10620
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:14968
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:6936
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:7300
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:14500
- - C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
    "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
    3⤵
    PID:19468
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:9612
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:13540
- C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe
  "C:\Users\Admin\AppData\Local\Temp\ab3d97e81ba84836d7a764a1f9cee210N.exe"
  2⤵
  PID:18672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cum lesbian stockings .mpeg.exe

Filesize
1.9MB

MD5
45a8bc32a85c2e5eaaa24b2bb9ddb873

SHA1
7a5c717ade32a6cce22888f1c4287800f0a33127

SHA256
879965070e77e86af8c3917bc01f76bad81937f7dce32e1df3a01297f0d43d05

SHA512
dc9d5613f08e060dee994dc3c14a281c08aa99877342a375d3eeb03128ed47fa963041aae173f1e028d533a005336540f488e43f39b6e0cc6ee0dac2929195d5

Download Submit