5e8fdf4b058c311cd70026b074a98b2eb8e2604d8436daea1524c8f57a7b9667

Analysis

max time kernel
16s
max time network
65s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 04:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

804c4ec6ed801fd3591a32459f5f6240N.exe
Size

245KB
MD5

804c4ec6ed801fd3591a32459f5f6240
SHA1

0c929e0a733ac641060c8f0ace4954128a8fa640
SHA256

5e8fdf4b058c311cd70026b074a98b2eb8e2604d8436daea1524c8f57a7b9667
SHA512

dd8c5c36c4d5f28b6e0bc1e422556c56757cdf27ae008e490595e67b6590cd92bbec41848ecccaba29d06908109e4147d0de7bd3f3119aad7b0c8bc19665d564
SSDEEP

6144:sPDLCL9Io5R4nM/40yKsx3YX7QAnCbEJ5UsoDMNYgqqa3:sPKLXqTxILxCiBOMs

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-47134698-4092160662-1261813102-1000\Control Panel\International\Geo\Nation	804c4ec6ed801fd3591a32459f5f6240N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3852-0-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/files/0x0008000000023475-5.dat	upx
behavioral2/memory/3164-130-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/756-162-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4224-163-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2796-184-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3144-183-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2124-185-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1204-186-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4640-187-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2112-189-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1544-188-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1796-191-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/536-190-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3852-192-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4300-193-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4520-195-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3164-194-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5096-198-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/756-197-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3252-200-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4224-199-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4548-204-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2796-202-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3144-201-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5012-205-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2124-203-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4640-207-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1204-206-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2112-209-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/536-210-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1544-208-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3468-212-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1796-211-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4808-214-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4520-213-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5096-215-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4136-216-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3252-217-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3004-221-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4944-232-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/856-238-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4576-237-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/644-236-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3360-235-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2992-234-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4008-233-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5012-222-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2032-231-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5048-230-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/1192-229-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3684-228-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/4932-227-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2412-226-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2492-225-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3984-224-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3564-223-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/2724-239-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5688-241-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/3468-240-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5796-242-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5856-248-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5804-247-0x0000000000400000-0x000000000041C000-memory.dmp	upx
behavioral2/memory/5872-250-0x0000000000400000-0x000000000041C000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	804c4ec6ed801fd3591a32459f5f6240N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\W:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\A:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\P:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\U:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\R:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\S:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\H:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\J:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\Q:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\N:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\O:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\T:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\E:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\I:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\M:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\L:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\X:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\Y:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\Z:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\B:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\G:	804c4ec6ed801fd3591a32459f5f6240N.exe
File opened (read-only)	\??\K:	804c4ec6ed801fd3591a32459f5f6240N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\italian gang bang trambling lesbian latex (Kathrin).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia beastiality kicking [bangbus] .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob sleeping fishy .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian horse beast big ash (Tatjana).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian lingerie lingerie lesbian glans .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\FxsTmp\spanish gang bang catfight feet blondie .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm lingerie [milf] 40+ (Sonja).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\russian beast hot (!) titts .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish nude masturbation .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fetish action hidden legs swallow (Melissa,Samantha).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\handjob animal sleeping lady (Sonja,Jenna).mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\cum fetish hot (!) vagina .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\brasilian fucking big .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\german lesbian several models granny .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian bukkake sleeping .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Google\Update\Download\asian beast handjob sleeping swallow .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\blowjob beastiality hidden traffic .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\norwegian bukkake bukkake several models .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british animal licking titts mistress .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Common Files\microsoft shared\asian action gang bang [milf] .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\dotnet\shared\sperm public .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\fetish gay hidden swallow .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish sperm cumshot voyeur .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\british kicking fetish big 40+ (Sarah,Gina).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\porn blowjob public .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\bukkake animal full movie latex .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\japanese trambling beast hidden ejaculation (Samantha).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse licking feet (Christine).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\action nude [free] fishy (Jenna,Jenna).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish beast public vagina leather (Christine).mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\british nude sleeping (Christine).mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\trambling uncut hole granny (Liz).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\Downloaded Program Files\french beast hot (!) bondage .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\horse girls girly (Tatjana).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\indian handjob blowjob licking lady .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\cumshot licking boots .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\american hardcore blowjob girls mistress (Sonja).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\black blowjob masturbation .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\spanish horse sperm [free] titts shoes .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\spanish fetish fetish masturbation .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\malaysia kicking hardcore uncut shower .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian gay bukkake hidden high heels (Christine,Anniston).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\black porn porn [free] hole (Sonja).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\british beast big .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\british blowjob cumshot [free] beautyfull .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\danish fucking hardcore uncut nipples .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\lingerie [bangbus] .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\indian beast hardcore hot (!) sweet .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\african action gay uncut 40+ .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\swedish gay [bangbus] .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian [bangbus] .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\spanish cumshot nude hot (!) 50+ (Kathrin).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\trambling full movie .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\american beast sleeping young .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\african cumshot [bangbus] .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\indian xxx lesbian masturbation (Anniston).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\bukkake bukkake hot (!) .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\horse hidden sm .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\trambling several models shoes .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\danish lingerie masturbation .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\french horse big hole .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\assembly\temp\malaysia trambling xxx big high heels .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\norwegian gay fetish [bangbus] .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\russian kicking girls (Sonja).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\british cumshot [bangbus] black hairunshaved (Curtney,Karin).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\blowjob fucking [milf] .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\assembly\tmp\cum bukkake [free] (Curtney,Melissa).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\action uncut (Britney).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\american nude full movie .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\action [free] vagina beautyfull (Jade,Curtney).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\porn sperm uncut (Jenna).mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\spanish nude girls wifey .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\beastiality horse hidden bondage (Jenna).zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\american trambling animal hot (!) .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\british beast animal girls .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\security\templates\russian blowjob masturbation lady .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\fucking beastiality several models .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\danish lingerie uncut mistress .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\indian lingerie sleeping .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\american fetish [bangbus] glans shoes .zip.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\cumshot public cock leather (Janette,Sarah).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\cum hardcore lesbian (Tatjana,Curtney).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\russian bukkake hidden granny (Karin,Melissa).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\xxx nude [milf] nipples 40+ .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\japanese horse licking cock ejaculation (Liz,Sarah).mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\spanish beastiality hidden castration .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\chinese nude [free] hotel (Melissa).rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\trambling sleeping .rar.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\danish kicking hot (!) feet .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\japanese horse cum public .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\african trambling lesbian vagina .avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\SoftwareDistribution\Download\malaysia handjob public stockings .mpeg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\canadian hardcore masturbation pregnant .mpg.exe	804c4ec6ed801fd3591a32459f5f6240N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\spanish fucking nude voyeur beautyfull (Sonja).avi.exe	804c4ec6ed801fd3591a32459f5f6240N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3144	804c4ec6ed801fd3591a32459f5f6240N.exe
3144	804c4ec6ed801fd3591a32459f5f6240N.exe
2796	804c4ec6ed801fd3591a32459f5f6240N.exe
2796	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
2124	804c4ec6ed801fd3591a32459f5f6240N.exe
2124	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
1204	804c4ec6ed801fd3591a32459f5f6240N.exe
1204	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
4640	804c4ec6ed801fd3591a32459f5f6240N.exe
4640	804c4ec6ed801fd3591a32459f5f6240N.exe
3144	804c4ec6ed801fd3591a32459f5f6240N.exe
3144	804c4ec6ed801fd3591a32459f5f6240N.exe
1544	804c4ec6ed801fd3591a32459f5f6240N.exe
1544	804c4ec6ed801fd3591a32459f5f6240N.exe
2112	804c4ec6ed801fd3591a32459f5f6240N.exe
2112	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
756	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
3852	804c4ec6ed801fd3591a32459f5f6240N.exe
1796	804c4ec6ed801fd3591a32459f5f6240N.exe
1796	804c4ec6ed801fd3591a32459f5f6240N.exe
536	804c4ec6ed801fd3591a32459f5f6240N.exe
536	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
3164	804c4ec6ed801fd3591a32459f5f6240N.exe
2796	804c4ec6ed801fd3591a32459f5f6240N.exe
2796	804c4ec6ed801fd3591a32459f5f6240N.exe
4300	804c4ec6ed801fd3591a32459f5f6240N.exe
4300	804c4ec6ed801fd3591a32459f5f6240N.exe
4520	804c4ec6ed801fd3591a32459f5f6240N.exe
4520	804c4ec6ed801fd3591a32459f5f6240N.exe
2124	804c4ec6ed801fd3591a32459f5f6240N.exe
2124	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
4224	804c4ec6ed801fd3591a32459f5f6240N.exe
4808	804c4ec6ed801fd3591a32459f5f6240N.exe
4808	804c4ec6ed801fd3591a32459f5f6240N.exe
1204	804c4ec6ed801fd3591a32459f5f6240N.exe
1204	804c4ec6ed801fd3591a32459f5f6240N.exe
5096	804c4ec6ed801fd3591a32459f5f6240N.exe
5096	804c4ec6ed801fd3591a32459f5f6240N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3852 wrote to memory of 3164	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	86
PID 3852 wrote to memory of 3164	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	86
PID 3852 wrote to memory of 3164	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	86
PID 3852 wrote to memory of 756	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	87
PID 3852 wrote to memory of 756	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	87
PID 3852 wrote to memory of 756	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	87
PID 3164 wrote to memory of 4224	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	88
PID 3164 wrote to memory of 4224	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	88
PID 3164 wrote to memory of 4224	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	88
PID 756 wrote to memory of 3144	756	804c4ec6ed801fd3591a32459f5f6240N.exe	89
PID 756 wrote to memory of 3144	756	804c4ec6ed801fd3591a32459f5f6240N.exe	89
PID 756 wrote to memory of 3144	756	804c4ec6ed801fd3591a32459f5f6240N.exe	89
PID 3852 wrote to memory of 2796	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	90
PID 3852 wrote to memory of 2796	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	90
PID 3852 wrote to memory of 2796	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	90
PID 3164 wrote to memory of 2124	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	91
PID 3164 wrote to memory of 2124	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	91
PID 3164 wrote to memory of 2124	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	91
PID 4224 wrote to memory of 1204	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	92
PID 4224 wrote to memory of 1204	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	92
PID 4224 wrote to memory of 1204	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	92
PID 3144 wrote to memory of 4640	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	93
PID 3144 wrote to memory of 4640	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	93
PID 3144 wrote to memory of 4640	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	93
PID 756 wrote to memory of 1544	756	804c4ec6ed801fd3591a32459f5f6240N.exe	94
PID 756 wrote to memory of 1544	756	804c4ec6ed801fd3591a32459f5f6240N.exe	94
PID 756 wrote to memory of 1544	756	804c4ec6ed801fd3591a32459f5f6240N.exe	94
PID 3852 wrote to memory of 2112	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	95
PID 3852 wrote to memory of 2112	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	95
PID 3852 wrote to memory of 2112	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	95
PID 2796 wrote to memory of 1796	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	96
PID 2796 wrote to memory of 1796	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	96
PID 2796 wrote to memory of 1796	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	96
PID 3164 wrote to memory of 536	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	97
PID 3164 wrote to memory of 536	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	97
PID 3164 wrote to memory of 536	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	97
PID 4224 wrote to memory of 4300	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	98
PID 4224 wrote to memory of 4300	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	98
PID 4224 wrote to memory of 4300	4224	804c4ec6ed801fd3591a32459f5f6240N.exe	98
PID 2124 wrote to memory of 4808	2124	804c4ec6ed801fd3591a32459f5f6240N.exe	99
PID 2124 wrote to memory of 4808	2124	804c4ec6ed801fd3591a32459f5f6240N.exe	99
PID 2124 wrote to memory of 4808	2124	804c4ec6ed801fd3591a32459f5f6240N.exe	99
PID 1204 wrote to memory of 4520	1204	804c4ec6ed801fd3591a32459f5f6240N.exe	100
PID 1204 wrote to memory of 4520	1204	804c4ec6ed801fd3591a32459f5f6240N.exe	100
PID 1204 wrote to memory of 4520	1204	804c4ec6ed801fd3591a32459f5f6240N.exe	100
PID 3144 wrote to memory of 5096	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	101
PID 3144 wrote to memory of 5096	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	101
PID 3144 wrote to memory of 5096	3144	804c4ec6ed801fd3591a32459f5f6240N.exe	101
PID 756 wrote to memory of 3252	756	804c4ec6ed801fd3591a32459f5f6240N.exe	102
PID 756 wrote to memory of 3252	756	804c4ec6ed801fd3591a32459f5f6240N.exe	102
PID 756 wrote to memory of 3252	756	804c4ec6ed801fd3591a32459f5f6240N.exe	102
PID 3852 wrote to memory of 3004	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	103
PID 3852 wrote to memory of 3004	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	103
PID 3852 wrote to memory of 3004	3852	804c4ec6ed801fd3591a32459f5f6240N.exe	103
PID 2796 wrote to memory of 4548	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	104
PID 2796 wrote to memory of 4548	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	104
PID 2796 wrote to memory of 4548	2796	804c4ec6ed801fd3591a32459f5f6240N.exe	104
PID 4640 wrote to memory of 5012	4640	804c4ec6ed801fd3591a32459f5f6240N.exe	105
PID 4640 wrote to memory of 5012	4640	804c4ec6ed801fd3591a32459f5f6240N.exe	105
PID 4640 wrote to memory of 5012	4640	804c4ec6ed801fd3591a32459f5f6240N.exe	105
PID 3164 wrote to memory of 4576	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	106
PID 3164 wrote to memory of 4576	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	106
PID 3164 wrote to memory of 4576	3164	804c4ec6ed801fd3591a32459f5f6240N.exe	106
PID 2112 wrote to memory of 3680	2112	804c4ec6ed801fd3591a32459f5f6240N.exe	107

C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
"C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3852
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3164
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1204
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:5804
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:6344
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        9⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:13140
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:17608
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:6920
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:12888
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:17280
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:19940
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12392
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:16860
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:3984
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:8104
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:11008
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:24020
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12520
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17892
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:5964
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:11276
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:10556
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12448
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:16980
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:22448
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12840
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17152
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:3668
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:5724
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:21960
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:13048
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17868
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:13276
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:19984
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:7992
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:16728
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:13608
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12536
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17136
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:4904
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8436
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:22000
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12824
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4300
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:4136
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:9348
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:19700
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12712
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:808
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12980
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17520
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:8328
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:21928
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12832
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17100
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:2492
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:13180
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17508
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9876
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:16372
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12552
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5984
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12872
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17224
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8428
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19804
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19732
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:19964
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12688
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6844
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17940
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9724
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12568
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:20364
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17248
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:6136
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12368
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8420
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:1308
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:23972
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:18544
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4808
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:4812
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:9616
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:19820
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:17076
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:21968
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:2412
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:8172
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:20040
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:11184
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:10616
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12488
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5956
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:11248
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12480
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17012
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17932
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:2376
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9364
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12016
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16844
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:7140
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13188
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17876
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:21976
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12384
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:1192
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:21984
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12432
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:2988
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13032
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17304
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:21952
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17296
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:536
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5864
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9716
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:20008
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19724
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9656
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:15300
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19572
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17084
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:22016
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13060
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17216
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13124
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:23028
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12776
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17168
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:4576
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9356
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:22344
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12400
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:18536
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9648
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13512
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11936
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12608
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:4008
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19956
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12768
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17192
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:6128
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17176
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:8360
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:21936
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12864
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:17320
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:756
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5012
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:5688
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:9372
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:13524
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        8⤵
        
        PID:11996
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:16908
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:6836
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:13228
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:19772
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9748
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:18864
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17060
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:2032
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:7984
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:15284
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:22336
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12544
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17088
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:4780
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17208
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9104
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19788
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5096
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:8112
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:5064
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:14812
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:11000
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12496
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16956
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6828
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13196
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:17900
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9632
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:14868
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:23960
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8096
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16916
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:10984
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12524
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17036
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:3836
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13116
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8412
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12728
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17144
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1544
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:2724
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5872
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:20000
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16988
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:14540
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9788
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:2948
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12592
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:856
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:1964
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16940
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12952
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8528
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12816
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17908
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:20016
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13132
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17288
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12896
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17924
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:18892
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17028
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8016
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:22008
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16796
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:3372
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:11256
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16932
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:19812
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12744
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:18556
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:3468
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        7⤵
        
        PID:20024
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:11416
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:12352
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9620
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:16380
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:7252
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12640
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:3684
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8024
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19992
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12440
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:4628
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:11208
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12456
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17312
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9004
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19780
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17160
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:4548
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5836
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19796
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12696
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:6352
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19828
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12360
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:8164
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:21944
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:11016
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:9076
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12512
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:336
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12880
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17328
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:8352
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:20188
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:17272
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:3680
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        6⤵
        
        PID:19836
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:12736
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:17256
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:6864
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:19764
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9640
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:18884
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12624
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16400
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:20048
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17264
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:4316
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:11268
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:20488
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12464
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16884
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:8336
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:19972
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12912
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:17916
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:3004
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:5812
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:9380
    - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
        5⤵
        
        PID:20056
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12656
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:6912
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:12964
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:16392
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:9516
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:18900
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12408
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:16852
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:3564
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:8072
  - - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
      "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
      4⤵
      PID:20032
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:11032
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12504
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:16876
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:5972
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:12664
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:16812
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:13364
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:8372
- - C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
    "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
    3⤵
    PID:21992
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:12760
- C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe
  "C:\Users\Admin\AppData\Local\Temp\804c4ec6ed801fd3591a32459f5f6240N.exe"
  2⤵
  PID:17240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\action nude [free] fishy (Jenna,Jenna).mpg.exe

Filesize
1.2MB

MD5
61c03fb722e65a9b41d806bc08f14603

SHA1
07cd3a59906bf6d5209c4cc24203aa3a791b203a

SHA256
6f7dac3c4a2a52e61a445c2da9ed556aa62c86982b1500280845b3006db19404

SHA512
08d95cf5c4403df43ee14c8bafb89ec685290cb200f370f1c2a2bae6cf800211aef4edbe00ac0bab458ea71e822565f663b1a55c92c7126e438c67a2c3c9f109

Download Submit
C:\debug.txt

Filesize
146B

MD5
d836616a3ff02799d4bf02545b7f0d84

SHA1
0322281534a44e9a4eee5148d06157aecb807e6b

SHA256
074419c055f373e01219c2c061b7518748600a71f89678fbc70fb780972b15cc

SHA512
11c26192e5561f016a1411f688a0bc1db4387ed7af0b6f4227b7e5a94c27afcafc6452eb1518dcc73c8a3d9fdf13321ec6bb12457c989c34f346641d6fbd0790

Download Submit
memory/336-257-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/536-190-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/536-210-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/644-279-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/644-236-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/756-197-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/756-162-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/808-282-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/856-238-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/856-281-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1192-272-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1192-229-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1204-206-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1204-186-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1544-188-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1544-208-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1652-255-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1796-191-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1796-211-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/1828-280-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-274-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2032-231-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2112-189-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2112-209-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2124-203-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2124-185-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2412-226-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2412-270-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2492-225-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2492-269-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2724-239-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2796-202-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2796-184-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2988-261-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-277-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2992-234-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3004-221-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3144-201-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3144-183-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3164-194-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3164-130-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3252-200-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3252-217-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3360-235-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3360-278-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3372-262-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3468-212-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3468-240-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3564-223-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3684-271-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3684-228-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3852-192-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3852-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3984-224-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/3984-268-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4008-276-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4008-233-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4136-216-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4224-163-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4224-199-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4300-193-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4316-258-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4520-195-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4520-213-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4548-204-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4576-237-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-207-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4640-187-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4780-263-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4808-214-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4904-259-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4932-227-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4944-275-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/4944-232-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5012-222-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5012-205-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5048-230-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5048-273-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5096-198-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5096-215-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5172-260-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5688-241-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5768-264-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5796-242-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5804-247-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5812-243-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5820-244-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5828-245-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5836-246-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5856-248-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5864-249-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5872-250-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5956-266-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5964-267-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/5984-265-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/6136-256-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download