6fdd26e9c7025d6952b7ab2f36828cb724b54127f061f5ebee3030f953950f96

Analysis

max time kernel
15s
max time network
85s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 22:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0982943ec76e3bad6c9c2715f1f1ac60N.exe
Size

2.0MB
MD5

0982943ec76e3bad6c9c2715f1f1ac60
SHA1

9716c3fd154636a65e62748f9e2babf2f438bc17
SHA256

6fdd26e9c7025d6952b7ab2f36828cb724b54127f061f5ebee3030f953950f96
SHA512

88d7da9532ae426bed4a2b5d42cb1dea9ce7f04df5a649a23530ceb2e41828d6b5b4232894343ebe167e920ea5cd01ab6d566ba3d2a2f96a2be8e047f5c4e64a
SSDEEP

49152:huoX8BWflZTtaicdqNn2AYliZfcCsBkJp/sMhNVUwY2MCidqTepYg:Asfz8iwqJkZCsWkMyZ2MCidpYg

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\E:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\G:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\I:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\M:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\R:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\T:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\A:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\J:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\L:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\S:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\U:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\H:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\K:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\N:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\O:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\Y:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\B:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\P:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\Q:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\W:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\X:	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File opened (read-only)	\??\Z:	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\black beastiality beast [bangbus] .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american horse beast masturbation boots .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian action gay lesbian (Karin).zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese animal xxx lesbian feet .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\indian handjob blowjob [free] feet (Sandy,Sylvia).zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot lingerie uncut .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob big .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\trambling voyeur sweet .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gang bang trambling [milf] girly .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay big beautyfull .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\brasilian nude hardcore masturbation feet bedroom .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse [free] feet lady (Liz).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\russian gang bang beast uncut titts .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\indian porn horse voyeur granny .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african hardcore girls cock (Anniston,Sylvia).mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\brasilian gang bang trambling several models .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\beast sleeping glans leather .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Google\Update\Download\sperm [free] feet shoes .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\trambling big (Samantha).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish handjob xxx [bangbus] hole sweet .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Common Files\microsoft shared\american gang bang fucking voyeur feet .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\russian beastiality bukkake lesbian gorgeoushorny .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\fucking [free] (Melissa).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\black kicking blowjob full movie titts high heels .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian cumshot bukkake [milf] YEâPSè& .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese porn lingerie hidden redhair .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay uncut titts upskirt (Jade).avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Google\Temp\black kicking blowjob big hole .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake [bangbus] titts sm .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish porn horse hot (!) .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\french beast licking .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\gay licking titts .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie uncut shoes (Kathrin,Curtney).avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish cum beast several models bedroom .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\cumshot lesbian masturbation Ôï .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\indian cum hardcore girls pregnant (Ashley,Samantha).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\kicking blowjob [milf] cock sweet (Melissa).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\british beast catfight traffic (Christine,Liz).avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\chinese horse [free] Ôï (Sonja,Samantha).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\norwegian blowjob hidden fishy .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\blowjob public redhair .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\asian sperm hot (!) circumcision .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian gang bang beast sleeping upskirt (Christine,Janette).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\porn gay full movie glans blondie .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\mssrv.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\PLA\Templates\gay [bangbus] mistress .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian nude lesbian several models (Janette).zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia beast catfight hole traffic .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\spanish trambling licking cock shoes .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\french fucking sleeping glans shoes (Melissa).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\bukkake voyeur mature .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cumshot fucking [milf] titts .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\asian bukkake sleeping glans redhair (Samantha).avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cum lingerie hidden titts .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\british sperm sleeping glans shower .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\british beast uncut blondie .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cum lingerie full movie cock boots .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\nude xxx girls (Sarah).mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\indian cumshot beast [bangbus] .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\hardcore public traffic .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\japanese cum horse big .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\nude hardcore masturbation cock wifey (Janette).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\InputMethod\SHARED\russian nude bukkake hidden feet gorgeoushorny .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\italian horse beast licking hole black hairunshaved (Tatjana).zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black nude bukkake hidden feet redhair (Samantha).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\russian action xxx several models shower (Britney,Curtney).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\african sperm [free] .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian bukkake licking hole high heels .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\animal beast uncut cock .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\assembly\temp\brasilian kicking gay lesbian penetration .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gay catfight young (Britney,Curtney).mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\african lesbian uncut feet wifey (Tatjana).mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\fetish xxx full movie (Jade).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black horse horse several models (Janette).zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\canadian trambling [free] feet girly .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\trambling [milf] (Curtney).rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\black animal beast public penetration .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\SoftwareDistribution\Download\horse [bangbus] young .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\american handjob gay several models hole pregnant .zip.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\asian blowjob uncut cock blondie (Melissa).mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\security\templates\bukkake licking .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\beastiality trambling sleeping glans swallow .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\russian beastiality beast catfight (Samantha).avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\fetish fucking sleeping glans traffic .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\fucking big circumcision .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\asian fucking big glans fishy .rar.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\action xxx full movie cock blondie .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\canadian gay big .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\danish nude bukkake catfight balls .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\american cum fucking catfight (Sarah).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\nude horse sleeping hairy .mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\brasilian handjob bukkake hot (!) .avi.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\japanese kicking sperm full movie (Janette).mpeg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\german sperm full movie .mpg.exe	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe
392	0982943ec76e3bad6c9c2715f1f1ac60N.exe
392	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
5020	0982943ec76e3bad6c9c2715f1f1ac60N.exe
5020	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1244	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1244	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4648	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4648	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2448	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2448	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe
5060	0982943ec76e3bad6c9c2715f1f1ac60N.exe
5060	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4624	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4624	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4992	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4992	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe
392	0982943ec76e3bad6c9c2715f1f1ac60N.exe
392	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2320	0982943ec76e3bad6c9c2715f1f1ac60N.exe
2320	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe
4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1972	0982943ec76e3bad6c9c2715f1f1ac60N.exe
1972	0982943ec76e3bad6c9c2715f1f1ac60N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 4104	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	89
PID 3088 wrote to memory of 4104	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	89
PID 3088 wrote to memory of 4104	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	89
PID 4104 wrote to memory of 4432	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	91
PID 4104 wrote to memory of 4432	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	91
PID 4104 wrote to memory of 4432	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	91
PID 3088 wrote to memory of 3092	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	92
PID 3088 wrote to memory of 3092	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	92
PID 3088 wrote to memory of 3092	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	92
PID 4104 wrote to memory of 1496	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	93
PID 4104 wrote to memory of 1496	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	93
PID 4104 wrote to memory of 1496	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	93
PID 3088 wrote to memory of 2004	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	94
PID 3088 wrote to memory of 2004	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	94
PID 3088 wrote to memory of 2004	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	94
PID 4432 wrote to memory of 392	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	95
PID 4432 wrote to memory of 392	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	95
PID 4432 wrote to memory of 392	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	95
PID 3092 wrote to memory of 4372	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	96
PID 3092 wrote to memory of 4372	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	96
PID 3092 wrote to memory of 4372	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	96
PID 3088 wrote to memory of 5020	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	97
PID 3088 wrote to memory of 5020	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	97
PID 3088 wrote to memory of 5020	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	97
PID 4104 wrote to memory of 1244	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	98
PID 4104 wrote to memory of 1244	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	98
PID 4104 wrote to memory of 1244	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	98
PID 2004 wrote to memory of 4648	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	99
PID 2004 wrote to memory of 4648	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	99
PID 2004 wrote to memory of 4648	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	99
PID 1496 wrote to memory of 2448	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	102
PID 1496 wrote to memory of 2448	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	102
PID 1496 wrote to memory of 2448	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	102
PID 3092 wrote to memory of 5060	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	101
PID 3092 wrote to memory of 5060	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	101
PID 3092 wrote to memory of 5060	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	101
PID 4432 wrote to memory of 4624	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	100
PID 4432 wrote to memory of 4624	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	100
PID 4432 wrote to memory of 4624	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	100
PID 392 wrote to memory of 4992	392	0982943ec76e3bad6c9c2715f1f1ac60N.exe	103
PID 392 wrote to memory of 4992	392	0982943ec76e3bad6c9c2715f1f1ac60N.exe	103
PID 392 wrote to memory of 4992	392	0982943ec76e3bad6c9c2715f1f1ac60N.exe	103
PID 4372 wrote to memory of 2320	4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe	104
PID 4372 wrote to memory of 2320	4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe	104
PID 4372 wrote to memory of 2320	4372	0982943ec76e3bad6c9c2715f1f1ac60N.exe	104
PID 2004 wrote to memory of 2280	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	105
PID 2004 wrote to memory of 2280	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	105
PID 2004 wrote to memory of 2280	2004	0982943ec76e3bad6c9c2715f1f1ac60N.exe	105
PID 3088 wrote to memory of 1972	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	106
PID 3088 wrote to memory of 1972	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	106
PID 3088 wrote to memory of 1972	3088	0982943ec76e3bad6c9c2715f1f1ac60N.exe	106
PID 4104 wrote to memory of 3116	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	107
PID 4104 wrote to memory of 3116	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	107
PID 4104 wrote to memory of 3116	4104	0982943ec76e3bad6c9c2715f1f1ac60N.exe	107
PID 1496 wrote to memory of 2204	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	108
PID 1496 wrote to memory of 2204	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	108
PID 1496 wrote to memory of 2204	1496	0982943ec76e3bad6c9c2715f1f1ac60N.exe	108
PID 3092 wrote to memory of 3704	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	109
PID 3092 wrote to memory of 3704	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	109
PID 3092 wrote to memory of 3704	3092	0982943ec76e3bad6c9c2715f1f1ac60N.exe	109
PID 4648 wrote to memory of 1408	4648	0982943ec76e3bad6c9c2715f1f1ac60N.exe	110
PID 4648 wrote to memory of 1408	4648	0982943ec76e3bad6c9c2715f1f1ac60N.exe	110
PID 4648 wrote to memory of 1408	4648	0982943ec76e3bad6c9c2715f1f1ac60N.exe	110
PID 4432 wrote to memory of 2364	4432	0982943ec76e3bad6c9c2715f1f1ac60N.exe	112

C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
"C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4432
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:392
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4992
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:3276
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        8⤵
        
        PID:11132
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        8⤵
        
        PID:4632
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:6648
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        8⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:8840
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:11156
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:4512
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8864
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:13088
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:1416
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:5732
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:10348
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:14908
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8696
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:13152
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:4200
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:12056
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15656
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8624
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13080
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:11440
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:15752
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6712
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8648
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6428
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:12112
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6592
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:11892
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6340
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11092
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11588
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15776
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8608
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:16656
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:2364
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6760
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12408
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:2492
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6992
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8768
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13320
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11148
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15648
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11108
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15640
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8880
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12072
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1496
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:5812
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:11004
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:15184
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6696
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8656
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:13072
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6504
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:10788
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:7092
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11844
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:9048
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15444
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8872
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12088
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:2204
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5696
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11140
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15340
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8720
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:4576
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:14916
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8832
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12048
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1244
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:4428
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5724
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:14984
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15436
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8904
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:3532
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6832
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:14240
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15256
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6632
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8760
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12344
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:3116
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8816
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12040
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8940
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12144
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:6800
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8744
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:12136
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3092
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2320
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        7⤵
        
        PID:15160
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:6664
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:8808
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:13128
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:4256
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15108
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8680
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:532
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13144
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:3252
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10844
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:14968
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6776
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:14780
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:11876
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5060
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:348
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:10804
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6672
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8776
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13120
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:2052
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8800
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12032
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10764
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6584
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11100
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15248
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8888
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12128
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:4060
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8912
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:12120
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:6816
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8616
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:11980
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2004
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4648
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:1408
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:11428
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:15744
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:1560
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:12152
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6280
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:11124
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8856
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:3832
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10796
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:14948
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:13136
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:15352
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:6808
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8752
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:12016
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:5020
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:4364
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
        5⤵
        
        PID:15152
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8632
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:11656
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:15868
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:8956
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:11928
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:6512
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:11116
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:15272
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:7084
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8712
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:11884
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:16580
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1972
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:10812
  - - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
      "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
      4⤵
      PID:14960
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:6688
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8792
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:12024
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:8964
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:11948
- - C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
    "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
    3⤵
    PID:16612
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  PID:6792
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  PID:8700
- C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe
  "C:\Users\Admin\AppData\Local\Temp\0982943ec76e3bad6c9c2715f1f1ac60N.exe"
  2⤵
  PID:11860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese porn lingerie hidden redhair .zip.exe

Filesize
435KB

MD5
6d4806db7a2be25dee0048495e348d60

SHA1
d415a345c9f8e003df73a5d4cb5bdae15945aa44

SHA256
8f7bb67b80c313ff9fc59d967fe4d1805a7dc5a6dd1aa609fb63179ffde1fd72

SHA512
54a25690d879e3d2c03e1fc50f65390a1ff2db2a48b87c2405a3721b4203325241dbb4b99b08cdd6112fdd41d46b8c59fdecf7119d1c3df4f22d7ac18102ef30

Download Submit