74dc119b87c1698eb30022a9b61fca3f03593e865cd3ce870b25fa158d84da1a

Analysis

max time kernel
13s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
11/07/2024, 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16a675f2948390aeb33a9cf20cce3e10N.exe
Size

981KB
MD5

16a675f2948390aeb33a9cf20cce3e10
SHA1

eceaad832ee8a688b13f2044f65f24a94a7a1d24
SHA256

74dc119b87c1698eb30022a9b61fca3f03593e865cd3ce870b25fa158d84da1a
SHA512

06b63dc84463d1bce66cff077627c57888f23a7408513ffdc70f7e43942958aba303d4ac9205e0d87a0b341654b18d64f8db67d2a1cf4957e28c732ba86fabda
SSDEEP

24576:sWYcS4osO7GU+d/Z+FG1i8qNRkFgq9bbD0X:BYcS41uN+ZN4RHAgq90X

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	16a675f2948390aeb33a9cf20cce3e10N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	16a675f2948390aeb33a9cf20cce3e10N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\K:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\L:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\M:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\N:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\R:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\E:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\H:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\V:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\Y:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\T:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\U:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\A:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\G:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\I:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\O:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\Q:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\S:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\X:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\B:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\P:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\W:	16a675f2948390aeb33a9cf20cce3e10N.exe
File opened (read-only)	\??\Z:	16a675f2948390aeb33a9cf20cce3e10N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\fucking [free] feet swallow .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking sperm licking hole .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\black beastiality lesbian girls hairy .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black trambling voyeur balls .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black animal fucking sleeping .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\asian gay girls sweet (Sylvia).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese bukkake sleeping hole sweet (Sonja).avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\handjob voyeur titts sweet (Karin,Karin).mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian voyeur redhair (Janette).mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian lingerie licking .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\asian gay gang bang full movie hole (Christine).mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay handjob full movie circumcision .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian horse licking swallow .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\french animal bukkake catfight bedroom .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\british blowjob girls YEâPSè& .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\african animal beastiality masturbation .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Google\Update\Download\beastiality big feet ejaculation (Liz,Sonja).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\american animal lesbian titts (Britney,Sonja).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lingerie big feet boots .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian lingerie action public legs latex .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\italian lingerie catfight boobs .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\american cumshot several models stockings .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian cumshot [bangbus] ¼ë .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Common Files\microsoft shared\malaysia action [bangbus] .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\dotnet\shared\bukkake cumshot voyeur girly .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob hardcore masturbation mature .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\malaysia beast nude big leather (Anniston,Jade).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\italian gang bang hidden .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Google\Temp\beastiality cum licking .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\sperm [milf] cock circumcision .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\spanish fucking licking 50+ .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\french gang bang [free] high heels .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\swedish bukkake kicking lesbian .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\canadian horse sleeping black hairunshaved .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\asian blowjob blowjob licking .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\blowjob beastiality several models lady .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx lesbian girls .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\japanese fetish [milf] titts .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse lingerie hot (!) .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\blowjob [bangbus] .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\porn fucking lesbian .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\danish gang bang voyeur (Liz).mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\canadian porn [bangbus] mature .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\japanese nude trambling masturbation vagina .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\bukkake fetish big circumcision .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\sperm beastiality [bangbus] stockings .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\trambling catfight gorgeoushorny .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\malaysia sperm [free] latex .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\american bukkake [free] cock balls .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\fetish gang bang sleeping young .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\chinese hardcore uncut mistress .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\horse [milf] .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\japanese porn masturbation .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\swedish action fucking licking titts hotel .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\cumshot sperm [bangbus] .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\assembly\tmp\french gay fetish public (Britney).avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\norwegian cumshot lingerie public (Jade).avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\american nude sleeping legs YEâPSè& .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\canadian fucking lingerie hot (!) black hairunshaved .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\spanish cumshot hardcore hot (!) .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\hardcore [bangbus] balls .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\sperm hardcore hot (!) penetration .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\chinese lesbian [milf] (Sylvia,Anniston).rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian trambling big .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\brasilian kicking masturbation (Samantha).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\animal beast [milf] bondage .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\asian cumshot animal big .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\bukkake horse big hole sm (Melissa).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\CbsTemp\cumshot fucking licking .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\security\templates\gang bang [bangbus] upskirt (Karin).mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SoftwareDistribution\Download\cum beast girls feet latex (Sonja).rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\PLA\Templates\swedish fetish several models legs lady (Samantha,Liz).avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\spanish trambling lesbian voyeur titts .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\fetish action voyeur .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\chinese cum porn lesbian hole swallow (Ashley).mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish animal hot (!) .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian horse hidden (Tatjana,Curtney).avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\assembly\temp\french gay hot (!) mistress (Sandy,Samantha).zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\british lesbian beastiality [free] girly .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\german lesbian [bangbus] .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\spanish blowjob lesbian castration .avi.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\swedish action several models .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\fetish bukkake uncut gorgeoushorny .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\danish action blowjob big .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\InputMethod\SHARED\fetish blowjob [free] cock .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\black beastiality full movie blondie .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\animal hardcore [milf] 50+ .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\brasilian hardcore full movie wifey .zip.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\norwegian porn [bangbus] nipples .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian animal girls feet castration .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\american cum voyeur legs fishy .mpeg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\indian beast lesbian feet beautyfull .rar.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\gang bang cumshot uncut mistress .mpg.exe	16a675f2948390aeb33a9cf20cce3e10N.exe
File created	C:\Windows\mssrv.exe	16a675f2948390aeb33a9cf20cce3e10N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
968	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
32	16a675f2948390aeb33a9cf20cce3e10N.exe
32	16a675f2948390aeb33a9cf20cce3e10N.exe
2564	16a675f2948390aeb33a9cf20cce3e10N.exe
2564	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
4028	16a675f2948390aeb33a9cf20cce3e10N.exe
4028	16a675f2948390aeb33a9cf20cce3e10N.exe
1944	16a675f2948390aeb33a9cf20cce3e10N.exe
1944	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
4572	16a675f2948390aeb33a9cf20cce3e10N.exe
4572	16a675f2948390aeb33a9cf20cce3e10N.exe
2172	16a675f2948390aeb33a9cf20cce3e10N.exe
2172	16a675f2948390aeb33a9cf20cce3e10N.exe
32	16a675f2948390aeb33a9cf20cce3e10N.exe
32	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
968	16a675f2948390aeb33a9cf20cce3e10N.exe
2332	16a675f2948390aeb33a9cf20cce3e10N.exe
1552	16a675f2948390aeb33a9cf20cce3e10N.exe
2332	16a675f2948390aeb33a9cf20cce3e10N.exe
1552	16a675f2948390aeb33a9cf20cce3e10N.exe
5084	16a675f2948390aeb33a9cf20cce3e10N.exe
5084	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4196	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
4972	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
4376	16a675f2948390aeb33a9cf20cce3e10N.exe
1988	16a675f2948390aeb33a9cf20cce3e10N.exe
1988	16a675f2948390aeb33a9cf20cce3e10N.exe
5004	16a675f2948390aeb33a9cf20cce3e10N.exe
5004	16a675f2948390aeb33a9cf20cce3e10N.exe
4480	16a675f2948390aeb33a9cf20cce3e10N.exe
4480	16a675f2948390aeb33a9cf20cce3e10N.exe
2564	16a675f2948390aeb33a9cf20cce3e10N.exe
1944	16a675f2948390aeb33a9cf20cce3e10N.exe
2564	16a675f2948390aeb33a9cf20cce3e10N.exe
1944	16a675f2948390aeb33a9cf20cce3e10N.exe
4028	16a675f2948390aeb33a9cf20cce3e10N.exe
4028	16a675f2948390aeb33a9cf20cce3e10N.exe
4448	16a675f2948390aeb33a9cf20cce3e10N.exe
4448	16a675f2948390aeb33a9cf20cce3e10N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 968 wrote to memory of 4196	968	16a675f2948390aeb33a9cf20cce3e10N.exe	86
PID 968 wrote to memory of 4196	968	16a675f2948390aeb33a9cf20cce3e10N.exe	86
PID 968 wrote to memory of 4196	968	16a675f2948390aeb33a9cf20cce3e10N.exe	86
PID 968 wrote to memory of 4376	968	16a675f2948390aeb33a9cf20cce3e10N.exe	87
PID 968 wrote to memory of 4376	968	16a675f2948390aeb33a9cf20cce3e10N.exe	87
PID 968 wrote to memory of 4376	968	16a675f2948390aeb33a9cf20cce3e10N.exe	87
PID 4196 wrote to memory of 4972	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	88
PID 4196 wrote to memory of 4972	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	88
PID 4196 wrote to memory of 4972	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	88
PID 968 wrote to memory of 32	968	16a675f2948390aeb33a9cf20cce3e10N.exe	89
PID 968 wrote to memory of 32	968	16a675f2948390aeb33a9cf20cce3e10N.exe	89
PID 968 wrote to memory of 32	968	16a675f2948390aeb33a9cf20cce3e10N.exe	89
PID 4376 wrote to memory of 2564	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	90
PID 4376 wrote to memory of 2564	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	90
PID 4376 wrote to memory of 2564	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	90
PID 4196 wrote to memory of 4028	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	91
PID 4196 wrote to memory of 4028	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	91
PID 4196 wrote to memory of 4028	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	91
PID 4972 wrote to memory of 1944	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	92
PID 4972 wrote to memory of 1944	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	92
PID 4972 wrote to memory of 1944	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	92
PID 32 wrote to memory of 4572	32	16a675f2948390aeb33a9cf20cce3e10N.exe	93
PID 32 wrote to memory of 4572	32	16a675f2948390aeb33a9cf20cce3e10N.exe	93
PID 32 wrote to memory of 4572	32	16a675f2948390aeb33a9cf20cce3e10N.exe	93
PID 968 wrote to memory of 2172	968	16a675f2948390aeb33a9cf20cce3e10N.exe	94
PID 968 wrote to memory of 2172	968	16a675f2948390aeb33a9cf20cce3e10N.exe	94
PID 968 wrote to memory of 2172	968	16a675f2948390aeb33a9cf20cce3e10N.exe	94
PID 4376 wrote to memory of 2332	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	95
PID 4376 wrote to memory of 2332	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	95
PID 4376 wrote to memory of 2332	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	95
PID 4196 wrote to memory of 5084	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	96
PID 4196 wrote to memory of 5084	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	96
PID 4196 wrote to memory of 5084	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	96
PID 4972 wrote to memory of 1552	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	97
PID 4972 wrote to memory of 1552	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	97
PID 4972 wrote to memory of 1552	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	97
PID 2564 wrote to memory of 5004	2564	16a675f2948390aeb33a9cf20cce3e10N.exe	98
PID 2564 wrote to memory of 5004	2564	16a675f2948390aeb33a9cf20cce3e10N.exe	98
PID 2564 wrote to memory of 5004	2564	16a675f2948390aeb33a9cf20cce3e10N.exe	98
PID 1944 wrote to memory of 1988	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	99
PID 1944 wrote to memory of 1988	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	99
PID 1944 wrote to memory of 1988	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	99
PID 4028 wrote to memory of 4480	4028	16a675f2948390aeb33a9cf20cce3e10N.exe	100
PID 4028 wrote to memory of 4480	4028	16a675f2948390aeb33a9cf20cce3e10N.exe	100
PID 4028 wrote to memory of 4480	4028	16a675f2948390aeb33a9cf20cce3e10N.exe	100
PID 32 wrote to memory of 2668	32	16a675f2948390aeb33a9cf20cce3e10N.exe	101
PID 32 wrote to memory of 2668	32	16a675f2948390aeb33a9cf20cce3e10N.exe	101
PID 32 wrote to memory of 2668	32	16a675f2948390aeb33a9cf20cce3e10N.exe	101
PID 968 wrote to memory of 4448	968	16a675f2948390aeb33a9cf20cce3e10N.exe	102
PID 968 wrote to memory of 4448	968	16a675f2948390aeb33a9cf20cce3e10N.exe	102
PID 968 wrote to memory of 4448	968	16a675f2948390aeb33a9cf20cce3e10N.exe	102
PID 4972 wrote to memory of 3112	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	104
PID 4972 wrote to memory of 3112	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	104
PID 4972 wrote to memory of 3112	4972	16a675f2948390aeb33a9cf20cce3e10N.exe	104
PID 4572 wrote to memory of 2640	4572	16a675f2948390aeb33a9cf20cce3e10N.exe	103
PID 4572 wrote to memory of 2640	4572	16a675f2948390aeb33a9cf20cce3e10N.exe	103
PID 4572 wrote to memory of 2640	4572	16a675f2948390aeb33a9cf20cce3e10N.exe	103
PID 4376 wrote to memory of 2716	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	105
PID 4376 wrote to memory of 2716	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	105
PID 4376 wrote to memory of 2716	4376	16a675f2948390aeb33a9cf20cce3e10N.exe	105
PID 1944 wrote to memory of 2856	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	107
PID 1944 wrote to memory of 2856	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	107
PID 1944 wrote to memory of 2856	1944	16a675f2948390aeb33a9cf20cce3e10N.exe	107
PID 4196 wrote to memory of 448	4196	16a675f2948390aeb33a9cf20cce3e10N.exe	106

C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
"C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:968
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1988
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:3212
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:8256
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        9⤵
        
        PID:16188
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:17940
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:12740
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:16888
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:8620
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:16008
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12400
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17904
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:5008
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:8228
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:16064
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12456
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17888
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:19132
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:7564
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10624
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11796
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16512
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:2856
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:5920
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:16072
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12472
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:16904
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17972
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8640
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:4364
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10612
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11804
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15732
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6416
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12136
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16028
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:3644
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:5752
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:10720
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:11740
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15676
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6320
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12536
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:6148
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:14924
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12440
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17852
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9328
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15460
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15628
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17772
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:3112
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:16016
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6328
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8444
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16000
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17964
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:3724
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15040
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6376
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16552
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16044
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16864
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4028
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:3528
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:5448
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:9256
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        8⤵
        
        PID:3916
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6384
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8668
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15668
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:3908
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11944
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15864
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12512
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:18436
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16936
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10324
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11820
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16536
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:4956
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5852
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9620
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12528
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:18452
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6312
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15536
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12036
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16480
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9564
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12048
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6440
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16944
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15800
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5084
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:5064
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10704
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11764
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16056
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:13012
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:18380
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15976
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12416
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:4032
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6952
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17540
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11952
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15644
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16928
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:10560
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11812
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15652
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:448
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16528
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8596
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15544
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12392
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17788
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:4932
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12112
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17748
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16108
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:9628
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15276
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:12144
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:16036
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4376
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:12488
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:18468
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6304
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17756
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8572
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:16100
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12408
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17912
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:4316
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:6796
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:17532
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15172
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15748
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10696
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11756
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:7440
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16952
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11828
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15856
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:2296
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        7⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11928
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15808
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15824
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:18424
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:1556
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10028
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11856
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15992
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6432
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17980
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11904
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15636
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2332
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:2464
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10660
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11788
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6264
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17392
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8604
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17780
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:1120
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15880
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6448
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11864
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16720
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15816
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16544
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8452
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11724
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15268
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:2664
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11968
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:6272
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:8124
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16560
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:12480
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:16872
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:32
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4572
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:2640
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:10688
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16180
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:6256
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:16960
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:15612
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15840
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10712
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:8004
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9748
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:13020
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11888
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16816
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:2668
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:5692
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        6⤵
        
        PID:17220
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12152
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:16488
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6344
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15832
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8464
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16856
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9244
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15620
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:11960
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15724
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17932
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15024
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:12024
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:15660
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:3308
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:5628
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15888
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:13028
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:4368
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:4804
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:9092
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:6080
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12504
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:18444
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17332
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:10800
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12888
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:11748
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:15684
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4448
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
        5⤵
        
        PID:15528
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:16896
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:12996
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:17380
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:8580
  - - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
      4⤵
      PID:15352
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:12088
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:16504
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  PID:4004
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:9740
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:11896
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:16496
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  PID:6392
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:16976
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  PID:9004
- - C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
    3⤵
    PID:15304
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  PID:12168
- C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\16a675f2948390aeb33a9cf20cce3e10N.exe"
  2⤵
  PID:2936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\blowjob hardcore masturbation mature .mpg.exe

Filesize
1.5MB

MD5
286f37e88ac8822fe129cb3ee518e73b

SHA1
cdb818b67dced22720a7db6d5f01e91e408a48fb

SHA256
c29a0b93b0cc03de475bf5ddb6b83aeefd8d09a8c47ea937709d0fa0ae3f91b9

SHA512
5a316cd9ade00c074a36e028ed061d9f9c7061a5f2922a9dd9c4f3e6cc16a94ceb64bdffab104afe99806329c119aa876c7555fd3f33d2fd58905fcdd058d6b6

Download Submit