5ae321a4379ebd4e01f7e02ae94c5be67712eeef3437324bb5234406ef51dfd9

Analysis

max time kernel
11s
max time network
4s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 04:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6f19b5c81d8a669fba241880c6497340N.exe
Size

517KB
MD5

6f19b5c81d8a669fba241880c6497340
SHA1

560376f70b83b6f61c66a5bddbd852660d133b53
SHA256

5ae321a4379ebd4e01f7e02ae94c5be67712eeef3437324bb5234406ef51dfd9
SHA512

7fd3f245e5bf9096640dcf8b2ef30fcd81f861f02cdbbb9a80b0d1ffa5dd3b77fa3f884b09b1a0b7b5294f62e2d29825ad8b7a978993710a80581dafde4c9721
SSDEEP

12288:bPKL8qO4DuG+uFsXO51cOQ0TmQbT2NFk20RIgM4jTJiN4N+W:bSL//FsXOUOtVT2NDujTg40W

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	6f19b5c81d8a669fba241880c6497340N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2024-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00070000000234c9-5.dat	upx
behavioral2/memory/384-38-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2356-206-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/8-207-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4408-226-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4956-227-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2776-228-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4016-231-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5056-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2024-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2316-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2100-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4904-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1760-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/384-245-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2356-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/8-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/860-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4516-252-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4408-251-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/800-255-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4956-254-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1596-253-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4212-258-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4272-257-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4016-259-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2776-256-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2100-262-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3736-261-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5056-260-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2316-263-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/852-266-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4904-265-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4324-264-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4748-267-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1596-275-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2092-274-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2416-273-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4200-272-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/860-271-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3804-277-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/800-276-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4212-279-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4272-278-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1396-281-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3552-282-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3736-280-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4836-284-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4748-283-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4480-285-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2092-289-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2416-288-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5584-302-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5628-296-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5924-303-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5576-301-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5660-300-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5652-299-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4624-298-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5636-297-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5620-295-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5612-294-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3804-293-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	6f19b5c81d8a669fba241880c6497340N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Z:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\A:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\H:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\Q:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\O:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\S:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\X:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\E:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\L:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\M:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\N:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\P:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\R:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\U:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\V:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\B:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\I:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\K:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\Y:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\W:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\G:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\J:	6f19b5c81d8a669fba241880c6497340N.exe
File opened (read-only)	\??\T:	6f19b5c81d8a669fba241880c6497340N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\norwegian cumshot xxx sleeping .rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\asian beast public boobs penetration (Christine).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\FxsTmp\japanese blowjob [bangbus] .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\spanish lesbian fucking licking .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\malaysia xxx nude sleeping ash .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\nude licking legs .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse several models castration (Sylvia,Jenna).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\FxsTmp\indian lingerie trambling masturbation hole mistress (Karin,Anniston).zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\norwegian hardcore horse voyeur traffic .rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\System32\DriverStore\Temp\tyrkish porn gang bang [free] vagina .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse cumshot masturbation ejaculation .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\bukkake full movie legs .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\indian horse action catfight ash beautyfull .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\bukkake voyeur .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\african action public (Melissa,Sandy).avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian beastiality girls .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cumshot voyeur bondage .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\handjob beast licking hole .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german handjob public titts boots .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\fetish beastiality public balls .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Google\Temp\indian blowjob porn girls (Janette).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\danish animal gay hot (!) .rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Common Files\microsoft shared\indian trambling bukkake lesbian redhair .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\dotnet\shared\nude horse [free] vagina .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish bukkake hidden penetration .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse [bangbus] mature .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black hardcore licking .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish beast hardcore sleeping glans 50+ .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Program Files (x86)\Google\Update\Download\spanish handjob hot (!) girly (Anniston,Anniston).zip.exe	6f19b5c81d8a669fba241880c6497340N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\italian nude porn licking latex (Anniston,Jenna).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\african bukkake beastiality big swallow .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\tyrkish cumshot action full movie (Christine,Sarah).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\norwegian lingerie gang bang uncut hotel (Sandy).rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\swedish hardcore beastiality big .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\beastiality lesbian sleeping hole (Anniston).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\japanese kicking fucking uncut boots (Kathrin).avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\kicking cumshot girls (Christine,Janette).avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian beastiality several models hotel .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\beast porn lesbian 50+ .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\porn full movie redhair (Ashley).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\action voyeur (Curtney).avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\british lingerie lesbian (Karin).rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\german lesbian kicking masturbation bondage (Ashley).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese trambling lesbian girls cock penetration .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\african lingerie girls titts ejaculation .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\assembly\temp\chinese beastiality horse hot (!) .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\swedish animal sperm uncut .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore [bangbus] legs granny .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\indian trambling [bangbus] .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\animal porn uncut cock .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\porn lesbian uncut legs (Ashley,Jenna).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\african gang bang masturbation (Britney,Liz).rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\horse [bangbus] .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\indian trambling fucking hot (!) nipples .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\russian beastiality fucking hot (!) shoes (Melissa).rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\german gay hot (!) glans balls .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\swedish trambling gang bang several models .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\asian animal [free] sweet .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\action catfight ash mature (Tatjana).zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\blowjob public boots .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\spanish horse licking (Melissa,Kathrin).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\german action lingerie sleeping titts 40+ .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\blowjob licking boobs (Tatjana).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\xxx girls glans beautyfull .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\InputMethod\SHARED\american cum sperm full movie nipples latex .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\bukkake cum [milf] YEâPSè& .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\french hardcore animal girls Ôï .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\asian action [bangbus] granny .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\porn handjob [free] boobs .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\french trambling uncut titts .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\russian cumshot uncut young (Sonja,Tatjana).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\cum handjob voyeur sm .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\horse uncut cock .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\gang bang licking mistress .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\CbsTemp\lesbian sleeping feet (Melissa).avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\PLA\Templates\chinese beastiality gang bang big hole (Sandy,Jade).zip.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\fucking masturbation blondie .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\xxx girls .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gang bang licking mature (Britney).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\gay full movie .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gang bang lesbian sleeping titts bondage .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\french gay lesbian mature .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beastiality lesbian high heels (Sonja).mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\spanish kicking gay public young .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\italian trambling lesbian (Gina).mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\porn cum masturbation nipples latex .rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese beastiality several models vagina balls .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\bukkake gang bang public sm .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\beastiality nude public .mpeg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\horse uncut .rar.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\beastiality [bangbus] titts hairy .mpg.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\blowjob licking .avi.exe	6f19b5c81d8a669fba241880c6497340N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\swedish fucking fetish catfight .zip.exe	6f19b5c81d8a669fba241880c6497340N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2024	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
4408	6f19b5c81d8a669fba241880c6497340N.exe
4408	6f19b5c81d8a669fba241880c6497340N.exe
4956	6f19b5c81d8a669fba241880c6497340N.exe
4956	6f19b5c81d8a669fba241880c6497340N.exe
2776	6f19b5c81d8a669fba241880c6497340N.exe
2776	6f19b5c81d8a669fba241880c6497340N.exe
4016	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
4016	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
5056	6f19b5c81d8a669fba241880c6497340N.exe
5056	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
2356	6f19b5c81d8a669fba241880c6497340N.exe
1540	6f19b5c81d8a669fba241880c6497340N.exe
1540	6f19b5c81d8a669fba241880c6497340N.exe
2316	6f19b5c81d8a669fba241880c6497340N.exe
2316	6f19b5c81d8a669fba241880c6497340N.exe
4904	6f19b5c81d8a669fba241880c6497340N.exe
4904	6f19b5c81d8a669fba241880c6497340N.exe
4324	6f19b5c81d8a669fba241880c6497340N.exe
4324	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
8	6f19b5c81d8a669fba241880c6497340N.exe
4408	6f19b5c81d8a669fba241880c6497340N.exe
4408	6f19b5c81d8a669fba241880c6497340N.exe
4956	6f19b5c81d8a669fba241880c6497340N.exe
4956	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
384	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
2024	6f19b5c81d8a669fba241880c6497340N.exe
4604	6f19b5c81d8a669fba241880c6497340N.exe
4604	6f19b5c81d8a669fba241880c6497340N.exe
1760	6f19b5c81d8a669fba241880c6497340N.exe
1760	6f19b5c81d8a669fba241880c6497340N.exe
2776	6f19b5c81d8a669fba241880c6497340N.exe
2776	6f19b5c81d8a669fba241880c6497340N.exe
4016	6f19b5c81d8a669fba241880c6497340N.exe
4016	6f19b5c81d8a669fba241880c6497340N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 384	2024	6f19b5c81d8a669fba241880c6497340N.exe	86
PID 2024 wrote to memory of 384	2024	6f19b5c81d8a669fba241880c6497340N.exe	86
PID 2024 wrote to memory of 384	2024	6f19b5c81d8a669fba241880c6497340N.exe	86
PID 2024 wrote to memory of 2356	2024	6f19b5c81d8a669fba241880c6497340N.exe	87
PID 2024 wrote to memory of 2356	2024	6f19b5c81d8a669fba241880c6497340N.exe	87
PID 2024 wrote to memory of 2356	2024	6f19b5c81d8a669fba241880c6497340N.exe	87
PID 384 wrote to memory of 8	384	6f19b5c81d8a669fba241880c6497340N.exe	88
PID 384 wrote to memory of 8	384	6f19b5c81d8a669fba241880c6497340N.exe	88
PID 384 wrote to memory of 8	384	6f19b5c81d8a669fba241880c6497340N.exe	88
PID 2356 wrote to memory of 4408	2356	6f19b5c81d8a669fba241880c6497340N.exe	89
PID 2356 wrote to memory of 4408	2356	6f19b5c81d8a669fba241880c6497340N.exe	89
PID 2356 wrote to memory of 4408	2356	6f19b5c81d8a669fba241880c6497340N.exe	89
PID 2024 wrote to memory of 4956	2024	6f19b5c81d8a669fba241880c6497340N.exe	90
PID 2024 wrote to memory of 4956	2024	6f19b5c81d8a669fba241880c6497340N.exe	90
PID 2024 wrote to memory of 4956	2024	6f19b5c81d8a669fba241880c6497340N.exe	90
PID 384 wrote to memory of 2776	384	6f19b5c81d8a669fba241880c6497340N.exe	91
PID 384 wrote to memory of 2776	384	6f19b5c81d8a669fba241880c6497340N.exe	91
PID 384 wrote to memory of 2776	384	6f19b5c81d8a669fba241880c6497340N.exe	91
PID 8 wrote to memory of 4016	8	6f19b5c81d8a669fba241880c6497340N.exe	92
PID 8 wrote to memory of 4016	8	6f19b5c81d8a669fba241880c6497340N.exe	92
PID 8 wrote to memory of 4016	8	6f19b5c81d8a669fba241880c6497340N.exe	92
PID 2356 wrote to memory of 5056	2356	6f19b5c81d8a669fba241880c6497340N.exe	93
PID 2356 wrote to memory of 5056	2356	6f19b5c81d8a669fba241880c6497340N.exe	93
PID 2356 wrote to memory of 5056	2356	6f19b5c81d8a669fba241880c6497340N.exe	93
PID 4408 wrote to memory of 1540	4408	6f19b5c81d8a669fba241880c6497340N.exe	94
PID 4408 wrote to memory of 1540	4408	6f19b5c81d8a669fba241880c6497340N.exe	94
PID 4408 wrote to memory of 1540	4408	6f19b5c81d8a669fba241880c6497340N.exe	94
PID 4956 wrote to memory of 2100	4956	6f19b5c81d8a669fba241880c6497340N.exe	95
PID 4956 wrote to memory of 2100	4956	6f19b5c81d8a669fba241880c6497340N.exe	95
PID 4956 wrote to memory of 2100	4956	6f19b5c81d8a669fba241880c6497340N.exe	95
PID 8 wrote to memory of 2316	8	6f19b5c81d8a669fba241880c6497340N.exe	96
PID 8 wrote to memory of 2316	8	6f19b5c81d8a669fba241880c6497340N.exe	96
PID 8 wrote to memory of 2316	8	6f19b5c81d8a669fba241880c6497340N.exe	96
PID 2024 wrote to memory of 4324	2024	6f19b5c81d8a669fba241880c6497340N.exe	97
PID 2024 wrote to memory of 4324	2024	6f19b5c81d8a669fba241880c6497340N.exe	97
PID 2024 wrote to memory of 4324	2024	6f19b5c81d8a669fba241880c6497340N.exe	97
PID 384 wrote to memory of 4904	384	6f19b5c81d8a669fba241880c6497340N.exe	98
PID 384 wrote to memory of 4904	384	6f19b5c81d8a669fba241880c6497340N.exe	98
PID 384 wrote to memory of 4904	384	6f19b5c81d8a669fba241880c6497340N.exe	98
PID 2776 wrote to memory of 1760	2776	6f19b5c81d8a669fba241880c6497340N.exe	99
PID 2776 wrote to memory of 1760	2776	6f19b5c81d8a669fba241880c6497340N.exe	99
PID 2776 wrote to memory of 1760	2776	6f19b5c81d8a669fba241880c6497340N.exe	99
PID 4016 wrote to memory of 4604	4016	6f19b5c81d8a669fba241880c6497340N.exe	100
PID 4016 wrote to memory of 4604	4016	6f19b5c81d8a669fba241880c6497340N.exe	100
PID 4016 wrote to memory of 4604	4016	6f19b5c81d8a669fba241880c6497340N.exe	100
PID 2356 wrote to memory of 860	2356	6f19b5c81d8a669fba241880c6497340N.exe	101
PID 2356 wrote to memory of 860	2356	6f19b5c81d8a669fba241880c6497340N.exe	101
PID 2356 wrote to memory of 860	2356	6f19b5c81d8a669fba241880c6497340N.exe	101
PID 8 wrote to memory of 4516	8	6f19b5c81d8a669fba241880c6497340N.exe	102
PID 8 wrote to memory of 4516	8	6f19b5c81d8a669fba241880c6497340N.exe	102
PID 8 wrote to memory of 4516	8	6f19b5c81d8a669fba241880c6497340N.exe	102
PID 4408 wrote to memory of 1652	4408	6f19b5c81d8a669fba241880c6497340N.exe	103
PID 4408 wrote to memory of 1652	4408	6f19b5c81d8a669fba241880c6497340N.exe	103
PID 4408 wrote to memory of 1652	4408	6f19b5c81d8a669fba241880c6497340N.exe	103
PID 4956 wrote to memory of 1596	4956	6f19b5c81d8a669fba241880c6497340N.exe	104
PID 4956 wrote to memory of 1596	4956	6f19b5c81d8a669fba241880c6497340N.exe	104
PID 4956 wrote to memory of 1596	4956	6f19b5c81d8a669fba241880c6497340N.exe	104
PID 384 wrote to memory of 800	384	6f19b5c81d8a669fba241880c6497340N.exe	105
PID 384 wrote to memory of 800	384	6f19b5c81d8a669fba241880c6497340N.exe	105
PID 384 wrote to memory of 800	384	6f19b5c81d8a669fba241880c6497340N.exe	105
PID 4016 wrote to memory of 4572	4016	6f19b5c81d8a669fba241880c6497340N.exe	108
PID 4016 wrote to memory of 4572	4016	6f19b5c81d8a669fba241880c6497340N.exe	108
PID 4016 wrote to memory of 4572	4016	6f19b5c81d8a669fba241880c6497340N.exe	108
PID 2776 wrote to memory of 3672	2776	6f19b5c81d8a669fba241880c6497340N.exe	107

C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
"C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:384
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:8
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:4748
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        9⤵
        
        PID:20148
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:13192
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:19284
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:15300
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:22296
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:9848
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:22804
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:14176
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:19880
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:8604
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:18784
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:12784
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:18396
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:6156
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:11844
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:16964
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:8232
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:3196
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:11464
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22548
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:4572
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:9680
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:20728
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:13324
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:17380
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:6612
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:14880
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:21536
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22908
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:21944
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7004
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:14568
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:20520
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22348
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19888
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6692
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:12068
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:16196
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9176
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20092
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:18960
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2316
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:1960
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:8272
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:11880
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:17204
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7336
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:16184
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:6644
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:10484
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:7700
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15012
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:21952
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:3804
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:6628
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:12280
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:17764
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:8648
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:18952
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6304
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:16784
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15032
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8468
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19040
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4516
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5560
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:20016
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:13204
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19276
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:14748
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20740
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22364
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14192
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:3332
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8280
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:17616
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12008
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:17232
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6208
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14992
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:21936
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10212
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22880
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:14536
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:20112
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1760
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:4352
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:14124
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:19872
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:16420
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:7420
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9244
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22960
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18460
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:6424
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:12308
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:17752
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:8588
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:19056
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:12720
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18244
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:3048
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:11600
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:16836
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:24352
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8200
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:23568
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:21532
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5576
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9640
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22380
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:12896
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18908
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:5516
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10576
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22968
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14840
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:21540
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:2632
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7384
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10584
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22240
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6756
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12608
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:17824
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9052
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20012
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12808
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:18844
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4904
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:852
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5628
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22868
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:924
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20204
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15104
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10220
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7456
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14444
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20468
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4128
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6348
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:11908
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16764
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15764
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:8240
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10504
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:23636
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15536
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:5872
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:800
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:5584
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22196
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19760
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16128
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:23544
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15096
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:22288
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16268
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:2568
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10824
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7732
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15020
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:21964
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15820
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:9072
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4484
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:12972
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:19024
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4408
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1540
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:4272
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:5660
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        8⤵
        
        PID:17588
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:12260
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:724
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7352
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:6892
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:7684
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:14708
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:21240
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:3552
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7028
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:15180
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:22272
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9868
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:4652
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:13712
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19772
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6708
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:4400
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:13308
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19452
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:1652
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5544
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:20748
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:13652
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19460
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5684
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22256
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22756
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15036
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:21560
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18724
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:1484
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22096
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22372
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:14136
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:19792
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:5056
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4212
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9452
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:20264
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:4664
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:22476
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10248
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7136
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22492
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15348
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:4816
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20496
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12352
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19412
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12088
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16612
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20504
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:13088
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:19048
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:860
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:8612
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:18260
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7344
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22844
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:14864
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:21552
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:4624
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20152
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:19032
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:7392
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15468
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:3696
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:10328
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7672
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:14512
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:20512
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4956
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    - Checks computer location settings
    PID:2100
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:5820
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:9696
        
        C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        7⤵
        
        PID:20756
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:13672
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:15424
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:3784
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:7276
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:344
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:6732
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:17816
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:20284
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12876
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:18792
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12060
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:8484
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20100
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12472
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:17808
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:5924
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:1792
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:13904
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19640
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7488
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:23532
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7432
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15308
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:22484
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:4972
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:11492
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15076
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:8208
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:7304
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:64
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6164
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:6132
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:11532
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:16792
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:16284
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:8216
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:16428
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7856
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:10084
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:14344
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:16568
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:9068
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:9992
      - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        6⤵
        
        PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:13544
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:19992
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7100
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:15576
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22748
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:10076
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:22640
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:14412
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:20416
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:4200
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:6356
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:17368
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12160
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:4008
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:1336
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:8224
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:17036
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:11372
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7052
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:16684
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:14308
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:3860
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:5644
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
        5⤵
        
        PID:21048
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:13000
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:19196
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:7460
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:15436
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:3568
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:10444
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:7728
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:14728
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:5076
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:5072
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:6764
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:12796
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:19308
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
      "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
      4⤵
      PID:20488
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:12816
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:18968
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:6520
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:12148
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:15620
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:8476
- - C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
    "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
    3⤵
    PID:19980
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:10028
- C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe
  "C:\Users\Admin\AppData\Local\Temp\6f19b5c81d8a669fba241880c6497340N.exe"
  2⤵
  PID:17508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\cumshot voyeur bondage .mpeg.exe

Filesize
1.4MB

MD5
a2be9fbbb399d2c3987a03245ef3f4e0

SHA1
4abe0293429ef73ad2c0d59ac69b2294de32a9df

SHA256
6e2aeb5180d0dc152687ec8879935f6171a731fa13ee93848c380accbd8cbe7f

SHA512
28f8cb342ef07a7787e4fd5fb12f71753ada78888b880aa23c63331a462add3b2c048460b8d2f255e426fd41204f53568623807e4b0b602f7cf5a51b5598eaa5

Download Submit
memory/8-207-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/8-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/384-38-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/384-245-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/800-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/800-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/852-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/860-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/860-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1396-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1596-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1596-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1760-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2024-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2024-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2092-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2092-289-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2100-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2100-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2316-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2316-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2356-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2356-206-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-288-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2416-273-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2776-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2776-228-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3048-313-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3552-311-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3552-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3736-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3736-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3804-293-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3804-277-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4016-231-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4016-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4200-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4200-287-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4212-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4212-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4272-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4272-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4324-264-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4408-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4408-226-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4480-285-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4516-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4624-321-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4624-298-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4748-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4748-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4836-284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4904-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4956-227-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4956-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4972-286-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5056-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5056-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5072-308-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5552-290-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5560-316-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5560-291-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5568-317-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5568-292-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5576-301-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5576-324-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5584-325-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5584-302-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5612-294-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5620-295-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5620-318-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5628-319-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5628-296-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5636-297-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5636-320-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5652-299-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5652-322-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5660-300-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5660-323-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5684-332-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5692-334-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5924-303-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6124-326-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6124-309-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6132-310-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6140-312-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6156-314-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6208-333-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6364-315-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6612-335-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6692-327-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6708-331-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6732-328-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6764-330-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6772-329-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download