98d0a44e1b276447171884d175d335d911564fa5fd0c93f291a0295890b0cf30

Analysis

max time kernel
11s
max time network
62s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16/07/2024, 06:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

84e96d6da834fdf47808525ae5225380N.exe
Size

575KB
MD5

84e96d6da834fdf47808525ae5225380
SHA1

91f6829733d04d12e53962c63ac45fdc5873221e
SHA256

98d0a44e1b276447171884d175d335d911564fa5fd0c93f291a0295890b0cf30
SHA512

5c6f89363bcf3d0bbb54130a849c089f075147a61437edee30163ea14692a8b819de53614b4888eb1e28e1d20c5df661fffb507ea41fa37deabcca91372a9d65
SSDEEP

12288:zXCNi9B+qefGz+1POJkpD85FvrsyONQG+tjWDL3GQgn6L:2W+bfGi1PO8DuFvnk/+tH6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	84e96d6da834fdf47808525ae5225380N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	84e96d6da834fdf47808525ae5225380N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\R:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\L:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\N:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\M:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\P:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\U:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\X:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Y:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\E:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\G:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Q:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\S:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\Z:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\A:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\J:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\I:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\K:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\O:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\T:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\V:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\W:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\B:	84e96d6da834fdf47808525ae5225380N.exe
File opened (read-only)	\??\H:	84e96d6da834fdf47808525ae5225380N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\german fucking kicking catfight traffic .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx horse voyeur leather (Curtney).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\System32\DriverStore\Temp\sperm [bangbus] .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\canadian kicking gay full movie .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\handjob [milf] traffic .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish blowjob xxx voyeur .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black beast animal [free] .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fetish hot (!) girly .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\chinese xxx several models vagina mistress .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\trambling horse [free] .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SysWOW64\FxsTmp\chinese beast horse voyeur leather (Gina,Jenna).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\chinese horse beastiality sleeping beautyfull .rar.exe	84e96d6da834fdf47808525ae5225380N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese lingerie trambling sleeping ash (Sandy,Melissa).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beast fucking sleeping 50+ .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Google\Temp\asian horse handjob hot (!) fishy (Karin).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Google\Update\Download\canadian beast trambling hot (!) (Ashley).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\gay big glans young .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx catfight .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\dotnet\shared\fetish hot (!) granny .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish nude xxx sleeping glans .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese animal girls titts (Liz,Sonja).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\malaysia beastiality lesbian hairy .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian trambling hidden boobs girly .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob sperm lesbian hole upskirt .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\malaysia hardcore xxx [milf] titts .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese beast gay hidden .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse horse licking vagina circumcision .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beastiality cum [milf] cock high heels .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Program Files\Common Files\microsoft shared\hardcore hot (!) 40+ .rar.exe	84e96d6da834fdf47808525ae5225380N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\horse [milf] swallow (Sylvia,Ashley).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\lingerie fucking lesbian beautyfull .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\fetish bukkake licking black hairunshaved .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\spanish cum gay [milf] .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\chinese lesbian fetish uncut .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian beast [bangbus] cock girly .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\InputMethod\SHARED\bukkake masturbation redhair .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\xxx hidden redhair .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\horse sperm big .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\italian animal gay lesbian cock YEâPSè& (Christine).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\lingerie full movie hole (Gina).rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\Downloaded Program Files\indian sperm handjob [free] .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\lingerie catfight sweet .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\indian bukkake lingerie public .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\danish sperm xxx hidden (Janette,Curtney).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\sperm horse [free] (Karin).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\kicking licking redhair (Curtney).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\horse beastiality hot (!) (Sonja,Sylvia).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\temp\malaysia porn sperm licking nipples .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\spanish handjob porn sleeping .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\lesbian trambling big titts 40+ .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\beast gay [free] YEâPSè& .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\fucking hidden YEâPSè& .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beastiality licking glans leather .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\canadian cum bukkake [free] hotel .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\american blowjob nude uncut feet femdom (Ashley,Jade).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\xxx gay [free] stockings .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\black gay action [free] (Anniston,Sandy).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\russian lingerie lesbian (Samantha,Karin).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\bukkake lesbian high heels (Sylvia).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\xxx [free] (Curtney).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\gay beast full movie redhair (Jade).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\swedish nude hardcore lesbian cock castration (Sylvia,Kathrin).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\british nude [free] .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\hardcore action sleeping femdom .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\asian blowjob horse [free] fishy .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\norwegian kicking hot (!) .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\gay cumshot girls girly .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\canadian fetish full movie .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\french blowjob beastiality several models .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\italian handjob public blondie (Kathrin,Janette).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\norwegian trambling handjob uncut titts circumcision (Gina).avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\japanese trambling lesbian voyeur ash .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\asian nude hot (!) girly .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\danish cumshot fucking hot (!) cock pregnant (Sarah,Gina).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish [milf] mature .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\assembly\tmp\brasilian beast public ash pregnant .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american gay blowjob several models (Samantha).mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\lesbian blowjob several models latex .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\brasilian action fetish licking .mpeg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian hardcore hot (!) 50+ .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\indian sperm full movie hole sm .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\danish sperm hidden feet upskirt .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\canadian fucking xxx big cock lady .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\japanese gang bang masturbation granny .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\malaysia blowjob catfight .mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\african porn girls granny .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\fucking bukkake sleeping ash mistress (Karin,Jenna).zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\cumshot cumshot girls .rar.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\russian gang bang full movie young .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\gay masturbation latex .zip.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\swedish hardcore kicking big feet (Samantha).mpg.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\animal gay girls cock .avi.exe	84e96d6da834fdf47808525ae5225380N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian hardcore hardcore licking boobs leather .rar.exe	84e96d6da834fdf47808525ae5225380N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
1492	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
1732	84e96d6da834fdf47808525ae5225380N.exe
1732	84e96d6da834fdf47808525ae5225380N.exe
1876	84e96d6da834fdf47808525ae5225380N.exe
1876	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
2708	84e96d6da834fdf47808525ae5225380N.exe
2708	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
3976	84e96d6da834fdf47808525ae5225380N.exe
3976	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
3516	84e96d6da834fdf47808525ae5225380N.exe
4064	84e96d6da834fdf47808525ae5225380N.exe
3516	84e96d6da834fdf47808525ae5225380N.exe
2972	84e96d6da834fdf47808525ae5225380N.exe
2972	84e96d6da834fdf47808525ae5225380N.exe
396	84e96d6da834fdf47808525ae5225380N.exe
396	84e96d6da834fdf47808525ae5225380N.exe
3236	84e96d6da834fdf47808525ae5225380N.exe
3236	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
1492	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
4088	84e96d6da834fdf47808525ae5225380N.exe
1732	84e96d6da834fdf47808525ae5225380N.exe
1732	84e96d6da834fdf47808525ae5225380N.exe
3348	84e96d6da834fdf47808525ae5225380N.exe
3348	84e96d6da834fdf47808525ae5225380N.exe
4492	84e96d6da834fdf47808525ae5225380N.exe
4492	84e96d6da834fdf47808525ae5225380N.exe
3972	84e96d6da834fdf47808525ae5225380N.exe
3972	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
404	84e96d6da834fdf47808525ae5225380N.exe
1876	84e96d6da834fdf47808525ae5225380N.exe
1876	84e96d6da834fdf47808525ae5225380N.exe
4208	84e96d6da834fdf47808525ae5225380N.exe
4208	84e96d6da834fdf47808525ae5225380N.exe
2708	84e96d6da834fdf47808525ae5225380N.exe
2708	84e96d6da834fdf47808525ae5225380N.exe
3976	84e96d6da834fdf47808525ae5225380N.exe
3976	84e96d6da834fdf47808525ae5225380N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 4088	1492	84e96d6da834fdf47808525ae5225380N.exe	86
PID 1492 wrote to memory of 4088	1492	84e96d6da834fdf47808525ae5225380N.exe	86
PID 1492 wrote to memory of 4088	1492	84e96d6da834fdf47808525ae5225380N.exe	86
PID 4088 wrote to memory of 4064	4088	84e96d6da834fdf47808525ae5225380N.exe	87
PID 4088 wrote to memory of 4064	4088	84e96d6da834fdf47808525ae5225380N.exe	87
PID 4088 wrote to memory of 4064	4088	84e96d6da834fdf47808525ae5225380N.exe	87
PID 1492 wrote to memory of 404	1492	84e96d6da834fdf47808525ae5225380N.exe	88
PID 1492 wrote to memory of 404	1492	84e96d6da834fdf47808525ae5225380N.exe	88
PID 1492 wrote to memory of 404	1492	84e96d6da834fdf47808525ae5225380N.exe	88
PID 4064 wrote to memory of 1732	4064	84e96d6da834fdf47808525ae5225380N.exe	89
PID 4064 wrote to memory of 1732	4064	84e96d6da834fdf47808525ae5225380N.exe	89
PID 4064 wrote to memory of 1732	4064	84e96d6da834fdf47808525ae5225380N.exe	89
PID 4088 wrote to memory of 1876	4088	84e96d6da834fdf47808525ae5225380N.exe	90
PID 4088 wrote to memory of 1876	4088	84e96d6da834fdf47808525ae5225380N.exe	90
PID 4088 wrote to memory of 1876	4088	84e96d6da834fdf47808525ae5225380N.exe	90
PID 1492 wrote to memory of 2708	1492	84e96d6da834fdf47808525ae5225380N.exe	91
PID 1492 wrote to memory of 2708	1492	84e96d6da834fdf47808525ae5225380N.exe	91
PID 1492 wrote to memory of 2708	1492	84e96d6da834fdf47808525ae5225380N.exe	91
PID 404 wrote to memory of 3976	404	84e96d6da834fdf47808525ae5225380N.exe	92
PID 404 wrote to memory of 3976	404	84e96d6da834fdf47808525ae5225380N.exe	92
PID 404 wrote to memory of 3976	404	84e96d6da834fdf47808525ae5225380N.exe	92
PID 4064 wrote to memory of 3516	4064	84e96d6da834fdf47808525ae5225380N.exe	93
PID 4064 wrote to memory of 3516	4064	84e96d6da834fdf47808525ae5225380N.exe	93
PID 4064 wrote to memory of 3516	4064	84e96d6da834fdf47808525ae5225380N.exe	93
PID 4088 wrote to memory of 2972	4088	84e96d6da834fdf47808525ae5225380N.exe	94
PID 4088 wrote to memory of 2972	4088	84e96d6da834fdf47808525ae5225380N.exe	94
PID 4088 wrote to memory of 2972	4088	84e96d6da834fdf47808525ae5225380N.exe	94
PID 1492 wrote to memory of 3236	1492	84e96d6da834fdf47808525ae5225380N.exe	95
PID 1492 wrote to memory of 3236	1492	84e96d6da834fdf47808525ae5225380N.exe	95
PID 1492 wrote to memory of 3236	1492	84e96d6da834fdf47808525ae5225380N.exe	95
PID 1732 wrote to memory of 396	1732	84e96d6da834fdf47808525ae5225380N.exe	96
PID 1732 wrote to memory of 396	1732	84e96d6da834fdf47808525ae5225380N.exe	96
PID 1732 wrote to memory of 396	1732	84e96d6da834fdf47808525ae5225380N.exe	96
PID 404 wrote to memory of 4492	404	84e96d6da834fdf47808525ae5225380N.exe	97
PID 404 wrote to memory of 4492	404	84e96d6da834fdf47808525ae5225380N.exe	97
PID 404 wrote to memory of 4492	404	84e96d6da834fdf47808525ae5225380N.exe	97
PID 1876 wrote to memory of 3348	1876	84e96d6da834fdf47808525ae5225380N.exe	98
PID 1876 wrote to memory of 3348	1876	84e96d6da834fdf47808525ae5225380N.exe	98
PID 1876 wrote to memory of 3348	1876	84e96d6da834fdf47808525ae5225380N.exe	98
PID 2708 wrote to memory of 3972	2708	84e96d6da834fdf47808525ae5225380N.exe	99
PID 2708 wrote to memory of 3972	2708	84e96d6da834fdf47808525ae5225380N.exe	99
PID 2708 wrote to memory of 3972	2708	84e96d6da834fdf47808525ae5225380N.exe	99
PID 3976 wrote to memory of 4208	3976	84e96d6da834fdf47808525ae5225380N.exe	100
PID 3976 wrote to memory of 4208	3976	84e96d6da834fdf47808525ae5225380N.exe	100
PID 3976 wrote to memory of 4208	3976	84e96d6da834fdf47808525ae5225380N.exe	100
PID 4064 wrote to memory of 5000	4064	84e96d6da834fdf47808525ae5225380N.exe	101
PID 4064 wrote to memory of 5000	4064	84e96d6da834fdf47808525ae5225380N.exe	101
PID 4064 wrote to memory of 5000	4064	84e96d6da834fdf47808525ae5225380N.exe	101
PID 1492 wrote to memory of 4708	1492	84e96d6da834fdf47808525ae5225380N.exe	102
PID 1492 wrote to memory of 4708	1492	84e96d6da834fdf47808525ae5225380N.exe	102
PID 1492 wrote to memory of 4708	1492	84e96d6da834fdf47808525ae5225380N.exe	102
PID 4088 wrote to memory of 4700	4088	84e96d6da834fdf47808525ae5225380N.exe	103
PID 4088 wrote to memory of 4700	4088	84e96d6da834fdf47808525ae5225380N.exe	103
PID 4088 wrote to memory of 4700	4088	84e96d6da834fdf47808525ae5225380N.exe	103
PID 1732 wrote to memory of 3860	1732	84e96d6da834fdf47808525ae5225380N.exe	104
PID 1732 wrote to memory of 3860	1732	84e96d6da834fdf47808525ae5225380N.exe	104
PID 1732 wrote to memory of 3860	1732	84e96d6da834fdf47808525ae5225380N.exe	104
PID 404 wrote to memory of 312	404	84e96d6da834fdf47808525ae5225380N.exe	105
PID 404 wrote to memory of 312	404	84e96d6da834fdf47808525ae5225380N.exe	105
PID 404 wrote to memory of 312	404	84e96d6da834fdf47808525ae5225380N.exe	105
PID 1876 wrote to memory of 208	1876	84e96d6da834fdf47808525ae5225380N.exe	106
PID 1876 wrote to memory of 208	1876	84e96d6da834fdf47808525ae5225380N.exe	106
PID 1876 wrote to memory of 208	1876	84e96d6da834fdf47808525ae5225380N.exe	106
PID 2708 wrote to memory of 4856	2708	84e96d6da834fdf47808525ae5225380N.exe	107

C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
"C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4088
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4064
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1732
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:396
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4212
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:10068
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        9⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:14216
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:20624
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:7132
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21056
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9736
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21300
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13612
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:19492
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:6828
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:12388
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:17944
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21292
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18392
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12132
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17468
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:19320
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12320
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17920
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3860
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9444
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:20920
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13124
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18552
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21580
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10336
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:20816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3152
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15924
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22904
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10620
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15344
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22588
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6600
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11824
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21260
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12612
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18168
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3516
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:1016
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5564
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9556
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21004
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13304
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18824
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15304
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21520
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9752
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21928
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19932
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4576
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:14332
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:20760
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:20912
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13016
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18400
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17120
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8536
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19268
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12336
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5000
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21764
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13604
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19628
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14536
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21084
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13800
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20052
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7456
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15388
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22148
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5740
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14288
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20596
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11552
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16540
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23828
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8404
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17460
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3348
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:1236
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5844
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:10820
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:15544
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15772
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22808
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7656
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15908
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22880
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10608
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22776
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15428
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22376
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:4464
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6996
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13220
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:18592
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:20512
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13008
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18352
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11780
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19260
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12556
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18176
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:208
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10944
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15520
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16180
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23072
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7612
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22020
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10596
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15516
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15396
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22012
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3156
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21040
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10100
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8276
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17832
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12052
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17364
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2972
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5828
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10808
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:15496
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15764
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:22816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7980
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16296
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23448
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:24044
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:632
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21920
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10328
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15588
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14308
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20588
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6200
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16960
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19328
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12536
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17996
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4700
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5884
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10260
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5664
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14208
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20468
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22872
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16336
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:23440
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3636
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7496
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15900
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22928
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10304
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7536
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:20520
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6184
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17052
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8528
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:19252
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:12344
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:17904
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:404
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3976
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4208
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:1784
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5820
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:9816
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        8⤵
        
        PID:21100
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:13624
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:19744
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7856
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:16088
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:22936
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11192
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:23956
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16376
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:1376
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:6880
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:12380
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:17928
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9072
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:20476
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18368
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16532
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:23816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8520
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19312
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:20928
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:16688
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8020
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17232
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11740
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:24064
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:432
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:20752
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9860
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19972
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11428
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19236
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16784
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:24072
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9580
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21784
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:13416
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21268
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9932
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:8200
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13816
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20204
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:2908
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6820
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:17936
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:20408
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18376
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:17068
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8248
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19192
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17172
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:5736
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13440
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19156
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15932
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22896
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:22864
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4168
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7256
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15324
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21756
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9828
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21812
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:13632
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:19752
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12124
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17436
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8560
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:19276
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:12488
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:17952
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2708
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3972
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5572
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:9320
        
        C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        7⤵
        
        PID:21284
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12952
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:14428
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21076
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9896
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:4940
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13792
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:20288
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:3592
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:6776
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:18360
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8892
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:6152
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:11540
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:16552
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:23940
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:8512
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:19284
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12312
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17912
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18704
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14760
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21276
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9924
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21772
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:13676
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:19992
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:2784
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7240
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21032
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9840
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:5232
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:13648
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:19760
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11492
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:16836
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17784
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3080
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3236
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3928
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5604
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:9336
      - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        6⤵
        
        PID:21012
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:18384
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7284
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:21588
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:8160
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:13948
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:20308
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:15780
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:22952
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10312
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7808
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:14316
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:20536
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:11440
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:12668
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10248
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:8080
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:17576
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:11708
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:16704
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:24036
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:4708
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:5784
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:10320
    - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
        5⤵
        
        PID:7716
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:14324
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:20528
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:15916
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:22888
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:10348
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:5944
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:14688
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:21092
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:2640
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:7232
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:14440
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:21048
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
      "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
      4⤵
      PID:1656
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:13824
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:20220
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:6168
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:11692
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:16692
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:23964
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:8260
- - C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
    "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
    3⤵
    PID:19228
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:12012
- C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe
  "C:\Users\Admin\AppData\Local\Temp\84e96d6da834fdf47808525ae5225380N.exe"
  2⤵
  PID:17180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob sperm lesbian hole upskirt .avi.exe

Filesize
1.6MB

MD5
881bb07c1bbe8cd7902aa9ab6f8c8999

SHA1
9a7695b3677a28d7ba311efc345e780e0570d5e9

SHA256
ac39ce53e3e8cff08229d54714581b379f067ca0996ff6ca813cf9275de5cf51

SHA512
5128d683aee982ebbaee6a476ce3109c92a5a1a391c2c75a0e4c25c5f2a3b46b64bc11d24e4d7cb19835fddb22b22c80bdedd37e0b7aaa23614292431aa00add

Download Submit