3e11f9e29d612f220eb9a6c8ae02ee51df3c89d4fc3647741ac7b8bd757889d0

Analysis

max time kernel
14s
max time network
111s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Size

272KB
MD5

939a70007d4c4ae6f2b45f5fcc49cf70
SHA1

2935eca91003295689f19c1ce4e9f7bd5a6b7dd9
SHA256

3e11f9e29d612f220eb9a6c8ae02ee51df3c89d4fc3647741ac7b8bd757889d0
SHA512

3d942ada6fa5299a2f580522417a371ce172da57cc0b289ad0cbdb0bd1d6fb2be6240e603fb9f544cdc9410ba45f8767d553b6eb928721dc3e34147a9e28f1e8
SSDEEP

6144:dXC4vgmhbIxs3NBRJpCvw5Bd4tGzkODHbTdL4QECG+98ri:dXCNi9BpCQYUzk2a1t++i

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\P:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\H:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\J:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\K:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\W:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\X:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\Z:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\G:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\S:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\V:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\Q:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\R:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\U:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\A:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\I:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\O:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\N:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\T:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\Y:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\B:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\E:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File opened (read-only)	\??\M:	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\lingerie uncut feet traffic .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\System32\DriverStore\Temp\japanese fetish fucking full movie YEâPSè& .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian porn hardcore lesbian (Sylvia).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese kicking sperm sleeping feet leather (Samantha).avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\tyrkish handjob bukkake sleeping mature .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese cumshot horse lesbian fishy .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie girls cock ¼ë (Jade).mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\malaysia trambling masturbation hole bondage (Liz).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse sleeping (Karin).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\american porn xxx uncut glans hairy .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese cumshot trambling full movie titts sm .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx big .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\microsoft shared\russian cum fucking full movie titts sm .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\dotnet\shared\sperm big .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian masturbation hole beautyfull .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\swedish horse gay voyeur titts YEâPSè& (Liz).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Google\Temp\brasilian horse sperm big cock Ôï .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian horse gay hot (!) hole ash (Tatjana).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black cum lesbian lesbian balls (Britney,Samantha).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black kicking lingerie big .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\russian fetish bukkake uncut .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\action sperm hidden (Melissa).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\blowjob big feet .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\black kicking bukkake lesbian cock .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\italian nude lingerie hot (!) redhair .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish cum trambling [milf] .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish horse bukkake full movie shoes .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\indian cum bukkake lesbian .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Program Files (x86)\Google\Update\Download\british sperm masturbation traffic .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\asian trambling [free] titts fishy .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\spanish gay several models cock .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\handjob trambling big feet blondie .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\porn beast hot (!) glans 50+ (Curtney).mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\action beast voyeur titts blondie (Karin).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\fetish gay several models leather .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\mssrv.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\action lingerie girls (Janette).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\italian cum lesbian masturbation hole .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish cum bukkake voyeur bedroom .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\handjob bukkake masturbation boots .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\malaysia gay licking titts shower (Sylvia).avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\italian porn beast sleeping .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\french gay lesbian .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\tmp\trambling [bangbus] (Sarah).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\danish horse gay [free] pregnant .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\japanese gang bang horse licking .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lesbian [milf] hole lady (Samantha).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\black fetish blowjob full movie lady .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\swedish beastiality trambling catfight castration .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\animal blowjob [milf] .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\italian cumshot lesbian full movie cock pregnant (Liz).mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\horse [bangbus] granny .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\danish handjob hardcore [bangbus] feet shower .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\handjob trambling big latex .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\swedish beastiality gay voyeur glans gorgeoushorny (Samantha).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian kicking xxx hidden 50+ .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\italian cumshot gay [milf] .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\asian lingerie full movie traffic .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\italian fetish lingerie hot (!) latex .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\danish animal gay [free] feet balls .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian gay girls cock sm .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\black nude bukkake girls lady .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\african horse hot (!) cock (Ashley,Jade).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\tyrkish animal gay lesbian 50+ .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lesbian licking ash .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\american gang bang xxx voyeur titts (Kathrin,Curtney).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african horse public cock (Anniston,Curtney).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\handjob xxx uncut cock 50+ (Sarah).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\animal sperm full movie (Curtney).mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\american handjob sperm lesbian girly .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\african lesbian masturbation titts pregnant .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\norwegian lingerie [bangbus] .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\asian xxx [milf] balls .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\gang bang blowjob full movie feet (Sonja,Samantha).zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african lingerie sleeping cock .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lesbian sleeping .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lingerie hidden mature (Anniston,Janette).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese cum beast lesbian black hairunshaved .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\norwegian gay [free] (Tatjana).avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\bukkake masturbation YEâPSè& .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\lingerie full movie titts black hairunshaved .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\gang bang sperm hidden hole swallow .zip.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\fucking licking .mpeg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\CbsTemp\american beastiality horse [milf] (Liz).avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\action lingerie catfight 50+ (Sonja,Karin).mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\trambling big wifey .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\indian nude xxx voyeur glans sm (Jade).avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\sperm sleeping .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese sperm girls (Melissa).rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\assembly\temp\japanese beastiality blowjob hidden latex .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\danish animal xxx [milf] redhair .rar.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish beast catfight .avi.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\spanish blowjob catfight circumcision .mpg.exe	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2772	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2772	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
4432	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
4432	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
4116	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
4116	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
368	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
368	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2484	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2484	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3832	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3832	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1896	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1896	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2760	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
2760	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1836	939a70007d4c4ae6f2b45f5fcc49cf70N.exe
1836	939a70007d4c4ae6f2b45f5fcc49cf70N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 3284	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	89
PID 2912 wrote to memory of 3284	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	89
PID 2912 wrote to memory of 3284	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	89
PID 3284 wrote to memory of 2532	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	94
PID 3284 wrote to memory of 2532	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	94
PID 3284 wrote to memory of 2532	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	94
PID 2912 wrote to memory of 5028	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	95
PID 2912 wrote to memory of 5028	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	95
PID 2912 wrote to memory of 5028	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	95
PID 3284 wrote to memory of 804	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	96
PID 3284 wrote to memory of 804	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	96
PID 3284 wrote to memory of 804	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	96
PID 5028 wrote to memory of 3252	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	98
PID 5028 wrote to memory of 3252	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	98
PID 5028 wrote to memory of 3252	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	98
PID 2912 wrote to memory of 1468	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	99
PID 2912 wrote to memory of 1468	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	99
PID 2912 wrote to memory of 1468	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	99
PID 2532 wrote to memory of 1732	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	100
PID 2532 wrote to memory of 1732	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	100
PID 2532 wrote to memory of 1732	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	100
PID 804 wrote to memory of 2772	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	101
PID 804 wrote to memory of 2772	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	101
PID 804 wrote to memory of 2772	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	101
PID 3284 wrote to memory of 4432	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	102
PID 3284 wrote to memory of 4432	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	102
PID 3284 wrote to memory of 4432	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	102
PID 5028 wrote to memory of 4116	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	103
PID 5028 wrote to memory of 4116	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	103
PID 5028 wrote to memory of 4116	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	103
PID 2532 wrote to memory of 368	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	104
PID 2532 wrote to memory of 368	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	104
PID 2532 wrote to memory of 368	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	104
PID 3252 wrote to memory of 2484	3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	105
PID 3252 wrote to memory of 2484	3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	105
PID 3252 wrote to memory of 2484	3252	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	105
PID 2912 wrote to memory of 3832	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	106
PID 2912 wrote to memory of 3832	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	106
PID 2912 wrote to memory of 3832	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	106
PID 1468 wrote to memory of 1896	1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	107
PID 1468 wrote to memory of 1896	1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	107
PID 1468 wrote to memory of 1896	1468	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	107
PID 1732 wrote to memory of 2760	1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	108
PID 1732 wrote to memory of 2760	1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	108
PID 1732 wrote to memory of 2760	1732	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	108
PID 804 wrote to memory of 1836	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	110
PID 804 wrote to memory of 1836	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	110
PID 804 wrote to memory of 1836	804	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	110
PID 2772 wrote to memory of 2388	2772	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	111
PID 2772 wrote to memory of 2388	2772	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	111
PID 2772 wrote to memory of 2388	2772	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	111
PID 3284 wrote to memory of 4760	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	112
PID 3284 wrote to memory of 4760	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	112
PID 3284 wrote to memory of 4760	3284	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	112
PID 4432 wrote to memory of 2812	4432	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	113
PID 4432 wrote to memory of 2812	4432	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	113
PID 4432 wrote to memory of 2812	4432	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	113
PID 5028 wrote to memory of 4488	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	114
PID 5028 wrote to memory of 4488	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	114
PID 5028 wrote to memory of 4488	5028	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	114
PID 2532 wrote to memory of 4344	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	115
PID 2532 wrote to memory of 4344	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	115
PID 2532 wrote to memory of 4344	2532	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	115
PID 2912 wrote to memory of 3280	2912	939a70007d4c4ae6f2b45f5fcc49cf70N.exe	116

C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
"C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3284
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:3592
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:536
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:1748
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:5956
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:10252
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:13592
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:20976
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:7752
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        8⤵
        
        PID:16520
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13640
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5672
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:12788
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16780
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7712
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10144
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:21304
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13080
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:17760
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5892
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:12276
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16796
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7704
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:20772
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10064
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12928
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17532
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5404
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13284
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:18632
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7588
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16440
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13732
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:21368
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:368
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:1064
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5664
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:11592
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13032
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:17564
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7740
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:21544
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13568
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:20928
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5640
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13276
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5916
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13072
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17776
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7696
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16500
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10056
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11912
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13300
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18624
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:4344
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5396
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11728
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16560
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12640
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17800
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17720
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10128
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13648
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12716
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17752
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5780
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18956
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12196
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:21288
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:804
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2772
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        Checks computer location settings
        
        PID:2388
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:17696
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:11396
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16432
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7240
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13008
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:17616
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10300
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13776
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:21280
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12268
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11752
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17664
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13600
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:21020
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1836
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:1432
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17768
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:18584
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11628
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16536
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10168
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13584
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:20968
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16592
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5708
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18828
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11404
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16416
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10308
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13664
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:380
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5200
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13064
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17744
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13252
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:18568
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:20984
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5192
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16740
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13200
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7320
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12560
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17656
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10152
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:3572
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5216
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12796
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16772
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13716
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:21328
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:21272
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5156
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12976
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:17640
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:18816
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:7312
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16672
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:10316
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:13656
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:21320
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5028
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2484
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5680
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:12096
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16716
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:5940
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:10244
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:21296
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:16484
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        7⤵
        
        PID:9816
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17608
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5536
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12772
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16372
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5884
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12780
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17712
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10516
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13880
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5444
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12732
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17572
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12668
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:21536
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13968
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:21728
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5304
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11620
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5796
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13260
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18576
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:1260
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10424
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13872
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:21336
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:4916
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:11672
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16568
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5868
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:2684
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:2196
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10456
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:4744
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5412
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17736
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17808
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7192
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:4488
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11664
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5844
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7604
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:21312
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5208
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16748
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5764
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16756
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:7424
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12700
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:17524
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:10432
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:13760
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:21264
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:4456
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:12968
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:17548
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:13632
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:21356
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:7772
      - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        6⤵
        
        PID:16804
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:20764
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:18592
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5908
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10120
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:20960
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:1632
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5472
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17516
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5860
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10112
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7164
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:4936
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:20756
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5788
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12180
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:18600
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:7480
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:10072
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:12952
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:17680
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3832
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:3804
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5596
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16608
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:5900
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:12680
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:17792
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:16460
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
        5⤵
        
        PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:14064
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:6060
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12724
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:17624
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5876
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:12960
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:17632
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:7652
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16544
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:10480
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:14384
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5988
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:3280
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5376
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:11768
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16600
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:13048
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:7636
  - - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
      "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
      4⤵
      PID:16476
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:10464
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:13796
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:2964
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:5324
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:11412
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:16424
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:5804
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:12740
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:17728
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:7576
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:11776
- - C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
    "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
    3⤵
    PID:16576
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:10472
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:14532
- C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe
  "C:\Users\Admin\AppData\Local\Temp\939a70007d4c4ae6f2b45f5fcc49cf70N.exe"
  2⤵
  PID:6176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\danish cum trambling [milf] .mpg.exe

Filesize
1.2MB

MD5
9e3e45deba1b4114ac716f716d74856e

SHA1
0a896208b960e3228715ae8f5bea33ccdd8810b1

SHA256
40f1f7f2ecbba6810db943c4c08960a716c02c004e4b155783c7e7ab2a695a76

SHA512
c416775b66fcbc5ee8766aa99f9989662a14c31f3c7075f4edd19e22fe0ea16deffb048fe0847bee6c5137810096c33ad7ce928e16d1986b3b5dd2b751d6c218

Download Submit
C:\debug.txt

Filesize
146B

MD5
58883567720ba59e672d900d9e3a7ee4

SHA1
ee2f90e4ddd85e3437086150f53ee3fd37bb7c64

SHA256
e38e6b453b9fdd4653173d31cc544463b3ce6121ae562680afd2585591e96911

SHA512
93ea3374c355c42e2b3b642124bcf9712f4291f8df30fe8bb1b310dc75b2ad37d36eff36a1185af9089ced8e3b8b16fd350f7f079ed9ec536ea79e4d6e535202

Download Submit