a204bcc3cfdbeac2774ab19c3103978ce9a8bc62b3145a429f231444ea863316

Analysis

max time kernel
16s
max time network
80s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15-07-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ff57806ea71ea1b177fd434931277c0N.exe
Size

1.1MB
MD5

9ff57806ea71ea1b177fd434931277c0
SHA1

41f59dc85fc750e63af13000086e99bf81edb676
SHA256

a204bcc3cfdbeac2774ab19c3103978ce9a8bc62b3145a429f231444ea863316
SHA512

cda797f7d9b126df69133a0d3bab8ff7564f62dc1c48320037c1a498be5054a3e2a52a0adcddb7696caf5fdbd4e770f9c3f818f44bd39ffcdb2e59b3561dfc09
SSDEEP

24576:2w5ylAUz6bMP54tWsPyPd+ZGN9OQocMMeQyYDqyI/2V+P/v6rkyQ9W:h0SUWLyPdEGLRHZe1OMsk7W

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	9ff57806ea71ea1b177fd434931277c0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9ff57806ea71ea1b177fd434931277c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\I:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\S:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\T:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\U:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\Y:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\H:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\M:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\R:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\J:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\L:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\O:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\P:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\V:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\A:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\B:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\G:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\W:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\Z:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\X:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\K:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\N:	9ff57806ea71ea1b177fd434931277c0N.exe
File opened (read-only)	\??\Q:	9ff57806ea71ea1b177fd434931277c0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\swedish gang bang fucking public .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\indian nude trambling catfight .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian fucking masturbation feet .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm masturbation hole hotel (Karin).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american action horse licking latex .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx voyeur hole ash (Jade).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black animal lingerie several models beautyfull (Anniston,Sarah).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\sperm several models bedroom .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian kicking beast hidden titts mistress .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\italian beastiality bukkake voyeur glans mature (Jade).zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx voyeur redhair .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay hot (!) titts granny .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore lesbian hole .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black action trambling [milf] titts .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american animal beast full movie hole .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\swedish cum bukkake hot (!) .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Google\Temp\gay licking glans shower .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\japanese kicking fucking [bangbus] .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\dotnet\shared\blowjob hidden .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\hardcore licking .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7A02.tmp\danish beastiality blowjob [milf] (Curtney).mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling girls castration .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\russian cumshot gay girls .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\horse [milf] hole (Gina,Sarah).zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake full movie .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian fetish trambling big glans black hairunshaved .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian nude sperm licking .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\kicking xxx masturbation hole (Anniston,Tatjana).mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian hidden (Janette).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\japanese action lesbian catfight hole hotel .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\fucking big penetration .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cum hardcore sleeping hotel .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\tyrkish kicking horse voyeur titts wifey (Melissa).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fucking girls circumcision (Sonja,Jade).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\canadian lingerie public hole .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\blowjob girls cock girly .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\french xxx catfight high heels .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian gang bang xxx [bangbus] .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\gang bang trambling voyeur redhair .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\trambling voyeur feet .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\black cumshot fucking voyeur .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\african bukkake [milf] hole redhair .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\CbsTemp\brasilian cumshot horse hot (!) glans (Gina,Liz).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cum beast masturbation hole circumcision .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob public cock .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\japanese horse trambling licking .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\black animal sperm voyeur circumcision .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\brasilian action lingerie several models hairy (Jenna,Liz).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-s..-kf-commondownloads_31bf3856ad364e35_10.0.19041.1_none_a914e3e3f19ceda1\beastiality sperm masturbation hairy .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\InputMethod\SHARED\swedish cum trambling hidden hole (Sonja,Tatjana).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\tyrkish handjob sperm [milf] shower .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian gay big wifey (Anniston,Melissa).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\chinese hardcore sleeping hole leather (Curtney).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\kicking xxx licking redhair .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\PLA\Templates\russian beastiality trambling [bangbus] hole ejaculation .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\asian sperm public leather (Ashley,Melissa).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black cum bukkake lesbian (Jade).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\beast several models (Janette).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\british hardcore hot (!) cock ash (Karin).mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\russian action horse uncut feet sm .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\malaysia xxx public blondie (Sonja,Janette).mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\porn xxx licking hole latex (Melissa).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\spanish lingerie masturbation .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\canadian fucking [bangbus] hole .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\british bukkake [milf] redhair .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\handjob trambling masturbation hole swallow .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\cumshot sperm [bangbus] 50+ .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\canadian horse full movie (Sarah).mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\norwegian lingerie several models YEâPSè& .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\canadian fucking voyeur pregnant .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\cum gay several models feet .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\blowjob [bangbus] glans boots .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\hardcore voyeur (Sylvia).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx [bangbus] titts .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french hardcore hidden femdom (Ashley,Melissa).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\african bukkake lesbian glans redhair .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\handjob lingerie full movie feet (Anniston,Sarah).avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black beastiality bukkake public cock .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\japanese beastiality blowjob [bangbus] feet blondie (Tatjana).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\swedish fetish blowjob [bangbus] (Sarah).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\action gay lesbian .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\assembly\temp\beast masturbation titts boots .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\assembly\tmp\japanese nude xxx masturbation hole latex .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\xxx lesbian redhair (Sonja,Samantha).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\trambling voyeur (Melissa).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\british xxx girls swallow .mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\chinese blowjob several models boots .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake [milf] .zip.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia xxx voyeur castration (Britney,Curtney).mpeg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\porn hardcore hot (!) .avi.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\black animal sperm masturbation leather .rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\chinese gay [bangbus] 50+ (Sonja,Jade).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\danish porn lingerie hot (!) YEâPSè& .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\hardcore girls .mpg.exe	9ff57806ea71ea1b177fd434931277c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\hardcore catfight feet (Kathrin,Liz).rar.exe	9ff57806ea71ea1b177fd434931277c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1964	9ff57806ea71ea1b177fd434931277c0N.exe
1964	9ff57806ea71ea1b177fd434931277c0N.exe
2220	9ff57806ea71ea1b177fd434931277c0N.exe
2220	9ff57806ea71ea1b177fd434931277c0N.exe
2460	9ff57806ea71ea1b177fd434931277c0N.exe
2460	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
1804	9ff57806ea71ea1b177fd434931277c0N.exe
1804	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
1828	9ff57806ea71ea1b177fd434931277c0N.exe
1828	9ff57806ea71ea1b177fd434931277c0N.exe
2728	9ff57806ea71ea1b177fd434931277c0N.exe
2728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1728	9ff57806ea71ea1b177fd434931277c0N.exe
1964	9ff57806ea71ea1b177fd434931277c0N.exe
1964	9ff57806ea71ea1b177fd434931277c0N.exe
1420	9ff57806ea71ea1b177fd434931277c0N.exe
1420	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
2412	9ff57806ea71ea1b177fd434931277c0N.exe
4324	9ff57806ea71ea1b177fd434931277c0N.exe
4324	9ff57806ea71ea1b177fd434931277c0N.exe
1892	9ff57806ea71ea1b177fd434931277c0N.exe
1892	9ff57806ea71ea1b177fd434931277c0N.exe
1608	9ff57806ea71ea1b177fd434931277c0N.exe
1608	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
1944	9ff57806ea71ea1b177fd434931277c0N.exe
4912	9ff57806ea71ea1b177fd434931277c0N.exe
2220	9ff57806ea71ea1b177fd434931277c0N.exe
2220	9ff57806ea71ea1b177fd434931277c0N.exe
4460	9ff57806ea71ea1b177fd434931277c0N.exe
4460	9ff57806ea71ea1b177fd434931277c0N.exe
1752	9ff57806ea71ea1b177fd434931277c0N.exe
1752	9ff57806ea71ea1b177fd434931277c0N.exe
1804	9ff57806ea71ea1b177fd434931277c0N.exe
1804	9ff57806ea71ea1b177fd434931277c0N.exe
2460	9ff57806ea71ea1b177fd434931277c0N.exe
2460	9ff57806ea71ea1b177fd434931277c0N.exe
4856	9ff57806ea71ea1b177fd434931277c0N.exe
4856	9ff57806ea71ea1b177fd434931277c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 2412	1728	9ff57806ea71ea1b177fd434931277c0N.exe	86
PID 1728 wrote to memory of 2412	1728	9ff57806ea71ea1b177fd434931277c0N.exe	86
PID 1728 wrote to memory of 2412	1728	9ff57806ea71ea1b177fd434931277c0N.exe	86
PID 2412 wrote to memory of 4912	2412	9ff57806ea71ea1b177fd434931277c0N.exe	87
PID 2412 wrote to memory of 4912	2412	9ff57806ea71ea1b177fd434931277c0N.exe	87
PID 2412 wrote to memory of 4912	2412	9ff57806ea71ea1b177fd434931277c0N.exe	87
PID 1728 wrote to memory of 1944	1728	9ff57806ea71ea1b177fd434931277c0N.exe	88
PID 1728 wrote to memory of 1944	1728	9ff57806ea71ea1b177fd434931277c0N.exe	88
PID 1728 wrote to memory of 1944	1728	9ff57806ea71ea1b177fd434931277c0N.exe	88
PID 1728 wrote to memory of 2220	1728	9ff57806ea71ea1b177fd434931277c0N.exe	89
PID 1728 wrote to memory of 2220	1728	9ff57806ea71ea1b177fd434931277c0N.exe	89
PID 1728 wrote to memory of 2220	1728	9ff57806ea71ea1b177fd434931277c0N.exe	89
PID 2412 wrote to memory of 1964	2412	9ff57806ea71ea1b177fd434931277c0N.exe	90
PID 2412 wrote to memory of 1964	2412	9ff57806ea71ea1b177fd434931277c0N.exe	90
PID 2412 wrote to memory of 1964	2412	9ff57806ea71ea1b177fd434931277c0N.exe	90
PID 4912 wrote to memory of 2460	4912	9ff57806ea71ea1b177fd434931277c0N.exe	91
PID 4912 wrote to memory of 2460	4912	9ff57806ea71ea1b177fd434931277c0N.exe	91
PID 4912 wrote to memory of 2460	4912	9ff57806ea71ea1b177fd434931277c0N.exe	91
PID 1944 wrote to memory of 1804	1944	9ff57806ea71ea1b177fd434931277c0N.exe	92
PID 1944 wrote to memory of 1804	1944	9ff57806ea71ea1b177fd434931277c0N.exe	92
PID 1944 wrote to memory of 1804	1944	9ff57806ea71ea1b177fd434931277c0N.exe	92
PID 1964 wrote to memory of 1828	1964	9ff57806ea71ea1b177fd434931277c0N.exe	93
PID 1964 wrote to memory of 1828	1964	9ff57806ea71ea1b177fd434931277c0N.exe	93
PID 1964 wrote to memory of 1828	1964	9ff57806ea71ea1b177fd434931277c0N.exe	93
PID 1728 wrote to memory of 2728	1728	9ff57806ea71ea1b177fd434931277c0N.exe	94
PID 1728 wrote to memory of 2728	1728	9ff57806ea71ea1b177fd434931277c0N.exe	94
PID 1728 wrote to memory of 2728	1728	9ff57806ea71ea1b177fd434931277c0N.exe	94
PID 2412 wrote to memory of 1420	2412	9ff57806ea71ea1b177fd434931277c0N.exe	95
PID 2412 wrote to memory of 1420	2412	9ff57806ea71ea1b177fd434931277c0N.exe	95
PID 2412 wrote to memory of 1420	2412	9ff57806ea71ea1b177fd434931277c0N.exe	95
PID 4912 wrote to memory of 4324	4912	9ff57806ea71ea1b177fd434931277c0N.exe	96
PID 4912 wrote to memory of 4324	4912	9ff57806ea71ea1b177fd434931277c0N.exe	96
PID 4912 wrote to memory of 4324	4912	9ff57806ea71ea1b177fd434931277c0N.exe	96
PID 1944 wrote to memory of 1892	1944	9ff57806ea71ea1b177fd434931277c0N.exe	97
PID 1944 wrote to memory of 1892	1944	9ff57806ea71ea1b177fd434931277c0N.exe	97
PID 1944 wrote to memory of 1892	1944	9ff57806ea71ea1b177fd434931277c0N.exe	97
PID 2220 wrote to memory of 1608	2220	9ff57806ea71ea1b177fd434931277c0N.exe	98
PID 2220 wrote to memory of 1608	2220	9ff57806ea71ea1b177fd434931277c0N.exe	98
PID 2220 wrote to memory of 1608	2220	9ff57806ea71ea1b177fd434931277c0N.exe	98
PID 1804 wrote to memory of 4460	1804	9ff57806ea71ea1b177fd434931277c0N.exe	99
PID 1804 wrote to memory of 4460	1804	9ff57806ea71ea1b177fd434931277c0N.exe	99
PID 1804 wrote to memory of 4460	1804	9ff57806ea71ea1b177fd434931277c0N.exe	99
PID 2460 wrote to memory of 1752	2460	9ff57806ea71ea1b177fd434931277c0N.exe	100
PID 2460 wrote to memory of 1752	2460	9ff57806ea71ea1b177fd434931277c0N.exe	100
PID 2460 wrote to memory of 1752	2460	9ff57806ea71ea1b177fd434931277c0N.exe	100
PID 1728 wrote to memory of 4856	1728	9ff57806ea71ea1b177fd434931277c0N.exe	101
PID 1728 wrote to memory of 4856	1728	9ff57806ea71ea1b177fd434931277c0N.exe	101
PID 1728 wrote to memory of 4856	1728	9ff57806ea71ea1b177fd434931277c0N.exe	101
PID 1964 wrote to memory of 1404	1964	9ff57806ea71ea1b177fd434931277c0N.exe	102
PID 1964 wrote to memory of 1404	1964	9ff57806ea71ea1b177fd434931277c0N.exe	102
PID 1964 wrote to memory of 1404	1964	9ff57806ea71ea1b177fd434931277c0N.exe	102
PID 2412 wrote to memory of 1748	2412	9ff57806ea71ea1b177fd434931277c0N.exe	103
PID 2412 wrote to memory of 1748	2412	9ff57806ea71ea1b177fd434931277c0N.exe	103
PID 2412 wrote to memory of 1748	2412	9ff57806ea71ea1b177fd434931277c0N.exe	103
PID 1944 wrote to memory of 4504	1944	9ff57806ea71ea1b177fd434931277c0N.exe	104
PID 1944 wrote to memory of 4504	1944	9ff57806ea71ea1b177fd434931277c0N.exe	104
PID 1944 wrote to memory of 4504	1944	9ff57806ea71ea1b177fd434931277c0N.exe	104
PID 4912 wrote to memory of 5044	4912	9ff57806ea71ea1b177fd434931277c0N.exe	105
PID 4912 wrote to memory of 5044	4912	9ff57806ea71ea1b177fd434931277c0N.exe	105
PID 4912 wrote to memory of 5044	4912	9ff57806ea71ea1b177fd434931277c0N.exe	105
PID 2728 wrote to memory of 828	2728	9ff57806ea71ea1b177fd434931277c0N.exe	106
PID 2728 wrote to memory of 828	2728	9ff57806ea71ea1b177fd434931277c0N.exe	106
PID 2728 wrote to memory of 828	2728	9ff57806ea71ea1b177fd434931277c0N.exe	106
PID 2220 wrote to memory of 4412	2220	9ff57806ea71ea1b177fd434931277c0N.exe	107

C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
"C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2412
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4912
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2460
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1752
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        9⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:11504
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        9⤵
        
        PID:21856
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:3828
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:19132
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:16660
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:23016
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:9940
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19684
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5016
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:16132
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:22048
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:9988
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:24692
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14560
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19708
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5972
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:12696
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14240
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:18980
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14192
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5596
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:8592
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:13016
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14272
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:18988
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:16136
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:22040
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14456
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19356
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3600
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21840
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:10764
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:2952
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19896
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5948
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:12112
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21816
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19816
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8104
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16676
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:23424
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22932
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14576
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19644
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4324
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3028
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5456
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14592
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19856
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:6700
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14368
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19276
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:9872
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21732
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14552
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19700
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:2132
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:7452
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14748
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19824
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:22080
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19628
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:12128
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14112
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19116
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8584
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:25036
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:13000
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19880
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5044
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8248
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21824
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:11436
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:20324
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:2976
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19108
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16880
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24456
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9916
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24776
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19788
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16636
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24128
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14536
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:20284
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5988
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:12104
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:4572
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19740
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:13076
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14200
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:18956
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1828
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:9032
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:24760
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19748
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:22104
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:4124
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:20300
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:2892
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:7416
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:18368
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:10096
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:1744
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19716
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6028
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:11452
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21724
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:1600
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19076
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8940
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19840
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:24752
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:13032
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19772
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16644
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22908
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10040
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14408
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19312
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:672
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8296
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:25028
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:12588
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14304
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19044
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:12356
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14320
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19692
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16864
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24744
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12208
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12912
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19084
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1420
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:928
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14544
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19636
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7164
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:18528
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:23000
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:18932
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:2104
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16792
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24360
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10104
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14352
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19848
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:6004
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:20292
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3392
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19092
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6496
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12200
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:25208
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12344
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19660
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24768
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14600
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19732
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16684
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24136
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:9908
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14512
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19780
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:2124
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:7580
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19920
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10024
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19340
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:6060
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24700
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19872
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:8388
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:16848
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:24424
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:12824
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14248
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19028
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1944
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1804
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4460
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3864
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:5772
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        8⤵
        
        PID:21544
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:12836
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:14232
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:19196
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:17236
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14160
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8188
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:11444
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21748
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:1516
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19676
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5980
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:20268
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19148
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:25196
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14724
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19832
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:4796
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5624
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:17412
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:11460
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:20488
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:19100
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6996
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16628
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22900
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9924
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:21536
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14488
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19620
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7648
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:24728
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10072
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:2832
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19348
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:21764
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8600
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:13008
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14256
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19060
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5612
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8260
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:21552
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:18940
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22088
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:21832
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:20276
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:1268
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16524
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22056
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19912
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5964
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14312
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12848
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19052
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5520
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19864
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16612
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:22916
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:25284
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14400
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19296
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24120
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19068
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14296
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19224
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:8632
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14692
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19904
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2220
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1608
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:1116
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5504
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:8908
        
        C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        7⤵
        
        PID:25316
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:13092
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:14216
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:18972
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:6860
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16012
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:22032
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9880
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:21756
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14520
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19928
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:2140
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:16668
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:23008
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14440
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19936
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:6020
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:11868
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:18728
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19668
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:13024
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14176
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19764
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:4412
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5804
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:9772
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:14584
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:20316
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:7156
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16020
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:9952
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14472
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19380
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:3252
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24448
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10652
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19328
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:6012
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12120
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19140
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:8624
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:13100
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14224
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19036
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:828
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        6⤵
        
        PID:17244
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:11604
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:3360
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:19756
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16620
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:22924
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:4180
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14464
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19388
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:3040
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16800
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:24736
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:21740
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19124
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:5956
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:12916
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19004
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:8112
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:18576
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:10792
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:21848
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14136
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:20308
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:5604
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:8124
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:11144
    - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
        5⤵
        
        PID:22064
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:2692
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:19652
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:4296
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:17196
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:10064
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:24864
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14480
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19528
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:3368
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:8136
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:11128
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:22072
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:5000
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19232
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:6044
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
      4⤵
      PID:24716
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:14104
- - C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
    3⤵
    PID:19724
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:8544
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:13044
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:14184
- C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\9ff57806ea71ea1b177fd434931277c0N.exe"
  2⤵
  PID:18948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lesbian hidden (Janette).mpg.exe

Filesize
468KB

MD5
1e02d02551eb9a95cae05af4d73f8bcf

SHA1
11b1ec3e50e6c2c66c985707411b90f86ae3b61f

SHA256
093ca8ed0766c1413f7773ad63adb46ca445ba34db1f6c7bc83970dec343e64e

SHA512
3bd22079b4a73dcb2e7efa4a01eedb1e2e0ea9e50c248fe09669308cd8a79df338c83027fc6a8cb356f2b3000988140ea7ad4ed2e7d2ffa357fc252eeeca985e

Download Submit
C:\debug.txt

Filesize
146B

MD5
b325ce8f08e3d7b40be1d4753539d36c

SHA1
05f61d93ca55d4a805eece6b1bd2ff93e36ee88d

SHA256
1ef73190f187a22ca611fc5af56d16cc1653d2b5c7c51528a5d0f90cdf61e392

SHA512
a8e36fadbf587cdcfeb45c233aaaa2c89ed881e0aacefc8ae95e8af3958d4c163da0950363ecac3f21e0e2e4e53cb8c22a1b6cb6ec76cee1cdfca5abc1a8ba41

Download Submit