47faffba7206fe4861c09dd2ab0397aa2f356955c2f95fdbd40ee15c1dd1db0d

Analysis

max time kernel
10s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c8c6a27294a013666ca0997458f3980N.exe
Size

1.8MB
MD5

3c8c6a27294a013666ca0997458f3980
SHA1

dfec06a58a8b9633c961af30ba174abe1c819198
SHA256

47faffba7206fe4861c09dd2ab0397aa2f356955c2f95fdbd40ee15c1dd1db0d
SHA512

9d200d24e0f937cf7e7444024343181a3f13c1a0e47452e0b5499f028dceb17e44971f5b5b5fd57acba023a057bc709205aff5eb6e91e6a90af7553cbbb751e2
SSDEEP

49152:CBviTfAFkLeBpMMrr7OzsckayEN1re17Kcsh5W7p:TTIFUMrrIs0yEnevp

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\Control Panel\International\Geo\Nation	3c8c6a27294a013666ca0997458f3980N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	3c8c6a27294a013666ca0997458f3980N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\S:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\U:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\V:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\X:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\A:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\P:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\G:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\I:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\J:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\N:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\O:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\W:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\Z:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\B:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\K:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\L:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\M:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\Q:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\R:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\T:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\Y:	3c8c6a27294a013666ca0997458f3980N.exe
File opened (read-only)	\??\E:	3c8c6a27294a013666ca0997458f3980N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\trambling uncut fishy .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian cumshot lingerie hidden cock Ôï (Sarah).avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob hot (!) pregnant .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\System32\DriverStore\Temp\beast big lady .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish animal beast licking girly .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\danish nude gay [free] cock .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian horse sperm full movie cock .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\sperm several models young .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore several models feet boots .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\italian cumshot gay sleeping redhair .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\african gay several models titts .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\russian cumshot lingerie voyeur hole hairy (Liz).mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay voyeur .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish animal hardcore hidden granny .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\dotnet\shared\gay lesbian wifey (Sonja,Samantha).zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american kicking xxx [free] hole (Gina,Samantha).zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\indian cum fucking [free] feet sweet .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black fetish beast [milf] sweet .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish nude lesbian licking cock mistress (Samantha).avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore hidden cock mature .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Common Files\microsoft shared\american gang bang xxx [bangbus] hole 50+ .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american porn fucking full movie .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\xxx full movie hole .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\lesbian full movie (Janette).rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\gang bang hardcore full movie .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Google\Temp\gay big cock leather (Liz).mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\tyrkish action gay licking gorgeoushorny .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling hidden titts mistress .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese porn gay girls .avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish handjob blowjob hot (!) (Karin).mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\black cumshot lesbian masturbation feet beautyfull (Melissa).mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian cumshot beast [bangbus] beautyfull .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish kicking horse catfight cock gorgeoushorny .avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\assembly\temp\tyrkish action lingerie full movie (Samantha).rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\beast masturbation (Tatjana).rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish action hardcore lesbian hole .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\lesbian girls 40+ (Anniston,Tatjana).rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\lingerie masturbation granny .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian kicking beast masturbation glans .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\InputMethod\SHARED\swedish kicking hardcore catfight hole 40+ (Samantha).mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\security\templates\swedish gang bang fucking masturbation (Melissa).rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black handjob fucking uncut titts (Britney,Sylvia).zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lesbian voyeur .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian handjob fucking full movie .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian handjob fucking lesbian .avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\assembly\tmp\brasilian gang bang blowjob hot (!) hole YEâPSè& (Sylvia).mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking public .mpeg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SoftwareDistribution\Download\american kicking gay [milf] (Curtney).mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\CbsTemp\norwegian blowjob voyeur penetration .avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\Downloaded Program Files\japanese gang bang beast hidden hole .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\PLA\Templates\swedish porn horse masturbation .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\xxx sleeping high heels .zip.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish kicking beast girls .rar.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\blowjob [milf] .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian animal beast full movie titts redhair (Liz).avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\mssrv.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\blowjob voyeur .avi.exe	3c8c6a27294a013666ca0997458f3980N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\brasilian cumshot blowjob full movie circumcision .mpg.exe	3c8c6a27294a013666ca0997458f3980N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1836	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1548	3c8c6a27294a013666ca0997458f3980N.exe
1548	3c8c6a27294a013666ca0997458f3980N.exe
3640	3c8c6a27294a013666ca0997458f3980N.exe
3640	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1844	3c8c6a27294a013666ca0997458f3980N.exe
1844	3c8c6a27294a013666ca0997458f3980N.exe
2880	3c8c6a27294a013666ca0997458f3980N.exe
2880	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
1384	3c8c6a27294a013666ca0997458f3980N.exe
2708	3c8c6a27294a013666ca0997458f3980N.exe
2708	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1836	3c8c6a27294a013666ca0997458f3980N.exe
1892	3c8c6a27294a013666ca0997458f3980N.exe
1892	3c8c6a27294a013666ca0997458f3980N.exe
1548	3c8c6a27294a013666ca0997458f3980N.exe
1548	3c8c6a27294a013666ca0997458f3980N.exe
3640	3c8c6a27294a013666ca0997458f3980N.exe
3640	3c8c6a27294a013666ca0997458f3980N.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 1384	1836	3c8c6a27294a013666ca0997458f3980N.exe	87
PID 1836 wrote to memory of 1384	1836	3c8c6a27294a013666ca0997458f3980N.exe	87
PID 1836 wrote to memory of 1384	1836	3c8c6a27294a013666ca0997458f3980N.exe	87
PID 1384 wrote to memory of 1548	1384	3c8c6a27294a013666ca0997458f3980N.exe	92
PID 1384 wrote to memory of 1548	1384	3c8c6a27294a013666ca0997458f3980N.exe	92
PID 1384 wrote to memory of 1548	1384	3c8c6a27294a013666ca0997458f3980N.exe	92
PID 1836 wrote to memory of 3640	1836	3c8c6a27294a013666ca0997458f3980N.exe	93
PID 1836 wrote to memory of 3640	1836	3c8c6a27294a013666ca0997458f3980N.exe	93
PID 1836 wrote to memory of 3640	1836	3c8c6a27294a013666ca0997458f3980N.exe	93
PID 1384 wrote to memory of 1844	1384	3c8c6a27294a013666ca0997458f3980N.exe	94
PID 1384 wrote to memory of 1844	1384	3c8c6a27294a013666ca0997458f3980N.exe	94
PID 1384 wrote to memory of 1844	1384	3c8c6a27294a013666ca0997458f3980N.exe	94
PID 1836 wrote to memory of 2880	1836	3c8c6a27294a013666ca0997458f3980N.exe	95
PID 1836 wrote to memory of 2880	1836	3c8c6a27294a013666ca0997458f3980N.exe	95
PID 1836 wrote to memory of 2880	1836	3c8c6a27294a013666ca0997458f3980N.exe	95
PID 1548 wrote to memory of 2708	1548	3c8c6a27294a013666ca0997458f3980N.exe	96
PID 1548 wrote to memory of 2708	1548	3c8c6a27294a013666ca0997458f3980N.exe	96
PID 1548 wrote to memory of 2708	1548	3c8c6a27294a013666ca0997458f3980N.exe	96
PID 3640 wrote to memory of 1892	3640	3c8c6a27294a013666ca0997458f3980N.exe	97
PID 3640 wrote to memory of 1892	3640	3c8c6a27294a013666ca0997458f3980N.exe	97
PID 3640 wrote to memory of 1892	3640	3c8c6a27294a013666ca0997458f3980N.exe	97
PID 1844 wrote to memory of 4860	1844	3c8c6a27294a013666ca0997458f3980N.exe	99
PID 1844 wrote to memory of 4860	1844	3c8c6a27294a013666ca0997458f3980N.exe	99
PID 1844 wrote to memory of 4860	1844	3c8c6a27294a013666ca0997458f3980N.exe	99
PID 1384 wrote to memory of 4820	1384	3c8c6a27294a013666ca0997458f3980N.exe	100
PID 1384 wrote to memory of 4820	1384	3c8c6a27294a013666ca0997458f3980N.exe	100
PID 1384 wrote to memory of 4820	1384	3c8c6a27294a013666ca0997458f3980N.exe	100
PID 1836 wrote to memory of 4924	1836	3c8c6a27294a013666ca0997458f3980N.exe	101
PID 1836 wrote to memory of 4924	1836	3c8c6a27294a013666ca0997458f3980N.exe	101
PID 1836 wrote to memory of 4924	1836	3c8c6a27294a013666ca0997458f3980N.exe	101
PID 1548 wrote to memory of 1648	1548	3c8c6a27294a013666ca0997458f3980N.exe	102
PID 1548 wrote to memory of 1648	1548	3c8c6a27294a013666ca0997458f3980N.exe	102
PID 1548 wrote to memory of 1648	1548	3c8c6a27294a013666ca0997458f3980N.exe	102
PID 3640 wrote to memory of 4688	3640	3c8c6a27294a013666ca0997458f3980N.exe	103
PID 3640 wrote to memory of 4688	3640	3c8c6a27294a013666ca0997458f3980N.exe	103
PID 3640 wrote to memory of 4688	3640	3c8c6a27294a013666ca0997458f3980N.exe	103
PID 2880 wrote to memory of 5112	2880	3c8c6a27294a013666ca0997458f3980N.exe	104
PID 2880 wrote to memory of 5112	2880	3c8c6a27294a013666ca0997458f3980N.exe	104
PID 2880 wrote to memory of 5112	2880	3c8c6a27294a013666ca0997458f3980N.exe	104
PID 1892 wrote to memory of 3840	1892	3c8c6a27294a013666ca0997458f3980N.exe	105
PID 1892 wrote to memory of 3840	1892	3c8c6a27294a013666ca0997458f3980N.exe	105
PID 1892 wrote to memory of 3840	1892	3c8c6a27294a013666ca0997458f3980N.exe	105
PID 2708 wrote to memory of 4672	2708	3c8c6a27294a013666ca0997458f3980N.exe	106
PID 2708 wrote to memory of 4672	2708	3c8c6a27294a013666ca0997458f3980N.exe	106
PID 2708 wrote to memory of 4672	2708	3c8c6a27294a013666ca0997458f3980N.exe	106

C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
"C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2708
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        9⤵
        
        PID:20104
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:12044
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:7884
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:17480
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:11148
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15980
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:9136
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:20036
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:12672
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:18252
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7064
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:13216
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:20280
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14072
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18676
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:1196
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:9284
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:19308
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:13404
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7488
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15736
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:22028
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10636
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:21044
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:19960
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5436
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:8280
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:17528
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:11612
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:16556
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12708
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15660
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:9056
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18932
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12644
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18156
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:3780
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:6176
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:9956
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:20096
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:14088
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:18748
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7676
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15996
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10744
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15296
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:8748
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:5280
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:11840
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7380
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20824
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10324
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20120
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14380
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19196
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:4624
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5780
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:9208
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:19368
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15728
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21872
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21860
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14956
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19532
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5396
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18412
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16804
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:17852
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:8964
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12376
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:3100
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1844
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:5912
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:9220
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:20136
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:13232
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7424
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15916
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:21028
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14964
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:19880
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5272
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:1240
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:11164
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:16028
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6608
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:11808
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:16968
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18620
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16820
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:4968
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:6640
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15280
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:8624
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:16796
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:21068
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18756
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8052
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:660
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:3404
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17464
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8848
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:13256
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12080
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16788
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6368
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18940
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7968
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:3368
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:11172
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:16248
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:2224
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6068
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:9200
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:19360
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12972
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7504
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15700
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21880
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10752
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15328
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5452
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:2628
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16812
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6956
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12792
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6228
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9144
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18148
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:2252
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8012
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11396
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6560
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10780
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21424
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15384
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20708
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:11800
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:16764
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12688
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9268
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20048
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12152
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:6464
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10432
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21208
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:19280
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8264
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:11408
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:1736
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3640
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1892
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:9968
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        8⤵
        
        PID:20128
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:14096
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:18720
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:7900
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:11156
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:9128
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:20112
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:12612
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18128
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7184
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:13860
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:9304
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:9832
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20144
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18712
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:1096
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:20056
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:13984
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7480
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10604
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21036
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14844
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19496
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5404
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18216
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11480
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:380
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6860
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12620
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18140
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9160
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19132
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:8580
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:4688
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:1752
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:21076
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14120
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:19004
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:15744
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:21912
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:4184
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5864
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:4400
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:19288
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:13248
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7408
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15508
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20724
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10532
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21084
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14596
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14292
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:9168
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20080
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12964
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8256
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:16036
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10728
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21376
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:15196
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:20232
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5308
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7440
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15572
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21200
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21092
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:15284
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14636
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:6616
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:17048
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8820
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18660
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:11928
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:16772
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5112
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:3324
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:10136
        
        C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        7⤵
        
        PID:20272
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:18652
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:11032
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15988
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5888
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:9192
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:19348
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:12812
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:6972
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7448
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15528
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21012
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21216
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14620
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14272
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:452
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:5904
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:9512
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20072
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:8948
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15488
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20716
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:21528
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:15336
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:15032
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9064
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18764
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12652
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:6816
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12440
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:17472
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8980
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18612
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:12388
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:17208
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:4924
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:2924
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        6⤵
        
        PID:20152
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:18644
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7848
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15876
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:11024
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:15972
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5648
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9152
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:19124
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12680
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18164
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:7004
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:13412
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:9076
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:20064
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:13396
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8784
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:15412
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20576
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
        5⤵
        
        PID:20088
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:19184
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:17056
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8828
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12500
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:12072
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:16780
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:5184
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:6656
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:12448
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:1576
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:8924
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:18600
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:12196
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:17196
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:6500
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:10104
  - - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
      "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
      4⤵
      PID:20160
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:13996
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:13172
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:8512
- - C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
    "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
    3⤵
    PID:18224
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:11748
- C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe
  "C:\Users\Admin\AppData\Local\Temp\3c8c6a27294a013666ca0997458f3980N.exe"
  2⤵
  PID:16568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\trambling hidden titts mistress .rar.exe

Filesize
282KB

MD5
0f01d47a88a39e6435a9bdee8202c52c

SHA1
9d4f36e2f6d2ad9d5622ecce39d582b01883f04f

SHA256
1d3ff931d190fb06b31504cafba58e37afd9a97a71ef4a6320c9116ec690394c

SHA512
d40150f1df035096ba7e496b7e18f9b3c9b40175480172fa62e680b587cc825f8c89ce338103a4860005b311601cb885ae28d9b6a070a1117ce9d9d872b29dad

Download Submit