fb1de2d16d5a6bfb4ff07c72d67113806c344955b36ffdc604cc498b3ec805c9

Analysis

max time kernel
119s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12-07-2024 04:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Size

744KB
MD5

2fc83ea15ef2239a3a8ab7dae3c752f0
SHA1

d4a97ed2f0f918f33622ad2d7be5759d16949f77
SHA256

fb1de2d16d5a6bfb4ff07c72d67113806c344955b36ffdc604cc498b3ec805c9
SHA512

cc60bb3c50f902a2402c7d8819c1c438438d32cbe559fe866e05055cc6842407d62cab11924ede626f305d1a900c312a3549dbdd39c36bb9fc6f00a038a3693f
SSDEEP

12288:dXCNi9BbXTo7SeY9Cfw4U1YFkimVmS4fJWV5x5abmRbGkUUT3zTGYCnj1iPNhrkg:oWbXToGeBfwXwjS4h+x4bQUazC/n5iP7

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\T:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\V:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\W:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\Y:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\A:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\I:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\S:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\U:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\E:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\H:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\J:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\K:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\M:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\R:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\Z:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\B:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\G:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\L:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\N:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\O:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\Q:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File opened (read-only)	\??\X:	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese horse public ash .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cumshot bukkake licking ash femdom (Sylvia,Samantha).rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm cum hot (!) hairy .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish lingerie hidden hole mistress (Sandy,Janette).zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian blowjob [milf] hotel .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french gang bang several models (Sarah,Sonja).mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese kicking kicking uncut lady .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\african animal horse lesbian glans ejaculation .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian nude masturbation .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\african horse uncut shoes .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\tyrkish porn fucking hot (!) lady .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian kicking sperm catfight penetration (Sylvia,Sonja).mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british fucking cumshot big .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\horse beastiality girls hole .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\malaysia action sperm licking feet redhair .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian cumshot beastiality public wifey .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian fucking lingerie [milf] glans blondie (Karin,Liz).mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\kicking hot (!) ash (Sonja).mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\brasilian lesbian xxx hidden glans .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\handjob beast [free] .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\dotnet\shared\indian sperm catfight boobs sweet .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\canadian horse [bangbus] hole mistress .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian horse fetish [bangbus] .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\handjob animal full movie fishy .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african porn [bangbus] ash .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Google\Temp\action voyeur boobs shoes .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\porn cum hidden fishy .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\xxx voyeur ¼ë .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\bukkake fucking [milf] hotel .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\norwegian lingerie catfight gorgeoushorny (Kathrin,Kathrin).rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\spanish xxx gang bang full movie leather .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\bukkake catfight .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\american cumshot [milf] (Janette).avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\animal hidden cock YEâPSè& .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\gay hot (!) ejaculation .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\brasilian beastiality porn voyeur circumcision (Ashley,Sonja).mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\tyrkish cum cum catfight beautyfull (Gina,Britney).rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\porn [milf] hairy .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\sperm licking castration .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\chinese sperm masturbation stockings .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\norwegian xxx xxx hot (!) mistress .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\xxx sleeping upskirt .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\assembly\tmp\russian animal [milf] beautyfull .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\swedish trambling [milf] hotel .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\trambling bukkake girls nipples .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\american gay bukkake public .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\security\templates\african beastiality hardcore licking boobs hairy .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\norwegian horse beastiality several models .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\asian horse lesbian [free] .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\canadian hardcore big cock hotel .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\canadian kicking gang bang uncut beautyfull .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\japanese animal full movie gorgeoushorny (Melissa,Melissa).mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\horse trambling [bangbus] cock (Curtney,Karin).avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\mssrv.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\norwegian fucking gay voyeur bedroom .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\porn voyeur legs mistress .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\cumshot public feet balls .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\norwegian animal trambling sleeping legs .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\chinese lesbian [milf] wifey (Sandy,Curtney).rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\sperm hardcore masturbation granny (Sonja).mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\animal kicking hot (!) .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\horse [milf] granny .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\tyrkish fucking xxx licking glans mistress .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\spanish cumshot public shower (Curtney,Sonja).zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\kicking fucking lesbian hole stockings .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\malaysia fetish action masturbation cock swallow .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\gay [milf] shower .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\animal lingerie hot (!) .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\tyrkish bukkake full movie castration .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\japanese gang bang porn big glans .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\japanese fetish several models vagina leather (Liz,Ashley).avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\handjob hot (!) castration (Anniston).rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fetish fetish big vagina young (Janette).avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\horse horse [free] .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\british beast cumshot hot (!) legs .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\beastiality uncut .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\malaysia bukkake girls leather .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\gay full movie sweet .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french gang bang animal lesbian granny (Karin).mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\german lingerie [milf] fishy (Samantha,Sonja).mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\assembly\temp\russian sperm gang bang big bedroom (Gina,Sarah).zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\CbsTemp\canadian hardcore xxx hot (!) .mpg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\african porn masturbation .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\InputMethod\SHARED\beastiality cumshot licking titts pregnant (Tatjana,Britney).zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\trambling full movie castration .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gang bang beast sleeping mistress .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lesbian fucking catfight .avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\german nude sleeping .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\malaysia beastiality lingerie [milf] shower .zip.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\norwegian porn licking YEâPSè& .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish nude fucking hot (!) young .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\kicking uncut sm .mpeg.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\japanese xxx public mistress .rar.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\japanese action hardcore several models cock gorgeoushorny (Liz).avi.exe	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1108	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1108	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2728	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2728	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2684	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2684	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4368	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4368	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1468	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1468	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2260	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2260	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3560	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3560	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1428	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
1428	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
640	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
640	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 1844	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	86
PID 4060 wrote to memory of 1844	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	86
PID 4060 wrote to memory of 1844	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	86
PID 1844 wrote to memory of 3704	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	87
PID 1844 wrote to memory of 3704	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	87
PID 1844 wrote to memory of 3704	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	87
PID 4060 wrote to memory of 3920	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	88
PID 4060 wrote to memory of 3920	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	88
PID 4060 wrote to memory of 3920	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	88
PID 1844 wrote to memory of 2904	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	89
PID 1844 wrote to memory of 2904	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	89
PID 1844 wrote to memory of 2904	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	89
PID 3704 wrote to memory of 228	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	90
PID 3704 wrote to memory of 228	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	90
PID 3704 wrote to memory of 228	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	90
PID 4060 wrote to memory of 4452	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	91
PID 4060 wrote to memory of 4452	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	91
PID 4060 wrote to memory of 4452	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	91
PID 3920 wrote to memory of 4396	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	92
PID 3920 wrote to memory of 4396	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	92
PID 3920 wrote to memory of 4396	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	92
PID 1844 wrote to memory of 1108	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	93
PID 1844 wrote to memory of 1108	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	93
PID 1844 wrote to memory of 1108	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	93
PID 4060 wrote to memory of 2728	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	94
PID 4060 wrote to memory of 2728	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	94
PID 4060 wrote to memory of 2728	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	94
PID 3704 wrote to memory of 2684	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	95
PID 3704 wrote to memory of 2684	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	95
PID 3704 wrote to memory of 2684	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	95
PID 3920 wrote to memory of 2260	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	96
PID 3920 wrote to memory of 2260	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	96
PID 3920 wrote to memory of 2260	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	96
PID 2904 wrote to memory of 4368	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	97
PID 2904 wrote to memory of 4368	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	97
PID 2904 wrote to memory of 4368	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	97
PID 228 wrote to memory of 1468	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	98
PID 228 wrote to memory of 1468	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	98
PID 228 wrote to memory of 1468	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	98
PID 4452 wrote to memory of 3560	4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	99
PID 4452 wrote to memory of 3560	4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	99
PID 4452 wrote to memory of 3560	4452	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	99
PID 4396 wrote to memory of 1428	4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	100
PID 4396 wrote to memory of 1428	4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	100
PID 4396 wrote to memory of 1428	4396	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	100
PID 1844 wrote to memory of 640	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	101
PID 1844 wrote to memory of 640	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	101
PID 1844 wrote to memory of 640	1844	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	101
PID 4060 wrote to memory of 4556	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	102
PID 4060 wrote to memory of 4556	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	102
PID 4060 wrote to memory of 4556	4060	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	102
PID 3704 wrote to memory of 1848	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	103
PID 3704 wrote to memory of 1848	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	103
PID 3704 wrote to memory of 1848	3704	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	103
PID 1108 wrote to memory of 4692	1108	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	104
PID 1108 wrote to memory of 4692	1108	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	104
PID 1108 wrote to memory of 4692	1108	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	104
PID 2904 wrote to memory of 572	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	105
PID 2904 wrote to memory of 572	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	105
PID 2904 wrote to memory of 572	2904	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	105
PID 228 wrote to memory of 1072	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	106
PID 228 wrote to memory of 1072	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	106
PID 228 wrote to memory of 1072	228	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	106
PID 3920 wrote to memory of 1264	3920	2fc83ea15ef2239a3a8ab7dae3c752f0N.exe	107

C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
"C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1844
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3704
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:228
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1468
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:5780
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:13632
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:20324
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:4248
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:6724
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:13236
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:19300
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:7228
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:16816
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:10312
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:14248
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:19236
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:6228
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:14744
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:21396
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7284
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:16540
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:20840
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:1072
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:5884
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:18448
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7188
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:16968
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:14488
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:9456
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:5976
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13248
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13128
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:19240
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7212
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15200
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9852
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:21380
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8384
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2684
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:2180
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:12384
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7356
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:17916
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:19176
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:1384
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11188
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15944
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:20832
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7308
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13672
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9092
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:1848
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5552
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8752
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15952
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14256
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14592
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20792
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16572
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:9768
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:21320
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8600
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2904
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4368
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:5876
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:17948
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:10296
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:20436
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:4544
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:6716
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:13116
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:19224
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7220
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:16620
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13428
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:5992
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7332
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18004
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9892
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:19620
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:572
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:14608
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:396
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16628
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20504
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:2620
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18048
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11056
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:15676
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20864
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16844
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:9908
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13804
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14036
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20040
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1108
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8920
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:19000
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:12964
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18468
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:17924
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14272
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:2992
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:17980
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11164
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:21204
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:9860
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:2552
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:13588
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8584
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:640
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11704
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8640
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17988
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:4032
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8268
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:18012
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:15936
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:6052
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:12612
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18440
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7340
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16548
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:9876
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:13600
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:8400
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3920
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1428
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        8⤵
        
        PID:4284
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:19284
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:7008
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8712
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:18716
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11900
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:3516
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8736
        
        C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        7⤵
        
        PID:19032
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11712
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:8888
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:18236
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10020
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20024
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:2380
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5788
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11744
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16100
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9784
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:21388
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13712
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:6880
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16580
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:4148
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9080
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20784
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7300
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:10036
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20016
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2260
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:4144
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:15684
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7404
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16604
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10268
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:8260
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:17932
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11084
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:15976
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6272
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20776
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16984
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:13640
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:19852
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:1264
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16068
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7428
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16556
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20488
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8744
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:18812
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:12200
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16520
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:12736
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18456
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7236
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:15148
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14708
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:9884
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:13688
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:20008
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4452
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3560
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7372
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16692
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9916
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:13664
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:9084
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:2672
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:7436
      - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        6⤵
        
        PID:16564
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14224
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:20396
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:14752
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:21404
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17096
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:10320
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14232
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20220
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:1524
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:5756
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:11736
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:16084
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7388
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17940
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:10252
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14216
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20416
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:4304
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8236
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:11020
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:15600
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:6112
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18820
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16532
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:9900
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:13648
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:9152
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:3484
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7396
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17996
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:10260
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:14240
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20424
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:3488
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8728
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16092
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:6452
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:12600
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18408
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7260
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:16976
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:9760
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:20496
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:13504
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7556
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:4556
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
        5⤵
        
        PID:17904
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:15768
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7464
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18744
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:10780
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:14532
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:16508
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:3688
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:7900
  - - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
      4⤵
      PID:18080
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:11048
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:15960
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:6176
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:13188
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:19376
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:7316
- - C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
    3⤵
    PID:18020
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:10028
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:14052
- C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\2fc83ea15ef2239a3a8ab7dae3c752f0N.exe"
  2⤵
  PID:20032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\norwegian cumshot beastiality public wifey .avi.exe

Filesize
705KB

MD5
060b6163ae690f1129591f90af9090d7

SHA1
14bef7c86ea14726cb0bffb3dfc430cb74b0af62

SHA256
3755c274f28074debeab56691e9dff21dfad4bd0943acdefbf587677e7304b07

SHA512
c1051e0e8783f600c469f3318ae362beb0c467747f1b7c92e56c2f324f0d509b2ee868d597533031ed198855eca80e8110bbd12e6ad7b4e41d7c27faceefb55d

Download Submit
C:\debug.txt

Filesize
146B

MD5
54ec619b9f6f3897ca3a6bf53a7898b9

SHA1
a9d9105b6872aa5e6491c7da3d32d5395da8bc8d

SHA256
8a7fd068e17fcbe3f15f7b758f7eec6112804eddf154f68b4c0310ed8ba36bf0

SHA512
d87b82c7c1befe3310ab6727ef0fd809be4ad0adc87b25e28cf2070bc244132847612f37208cb93c8ade78e872c2b3f5eca41d3e92fda4730b162be0d038d7b7

Download Submit