ffc9c7c42257085bfc357166af588afe87210dc1da64490832db27919bdc7504

Analysis

max time kernel
115s
max time network
64s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87703ea84056a117f07ce15aab3bda00N.exe
Size

91KB
MD5

87703ea84056a117f07ce15aab3bda00
SHA1

30dba80dcf19bb99e635bfb455996671890d026b
SHA256

ffc9c7c42257085bfc357166af588afe87210dc1da64490832db27919bdc7504
SHA512

99e987040b9d9f7bedc84459ee0a66238001c03a9ab00ed78291b86f5805395205e0a83ed3df0ed074838de034cb31f7065e4173256132f4ba8f8591d4a9afe7
SSDEEP

1536:dS2vOUHVOKZWwrgdGPiiv9vgmh7vfaOe/pwFquLFUTQnN3R9M5WLiVwt3B7H:djzhZWxivgmhbI/pqqsFUCN3R9MI+QB

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	87703ea84056a117f07ce15aab3bda00N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	87703ea84056a117f07ce15aab3bda00N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\O:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\R:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\U:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\W:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\H:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\J:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\P:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Q:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\S:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Z:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\A:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\G:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\K:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\L:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\M:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\T:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\X:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\B:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\I:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\V:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\Y:	87703ea84056a117f07ce15aab3bda00N.exe
File opened (read-only)	\??\E:	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian cumshot lesbian licking swallow .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\action bukkake public penetration .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian cumshot hardcore voyeur glans ash (Tatjana).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian animal gay lesbian feet shower (Jade).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black beastiality hardcore big titts ¼ë .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob lesbian (Sylvia).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian gang bang lingerie full movie (Liz).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\fucking catfight feet black hairunshaved .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\System32\DriverStore\Temp\russian action sperm [free] titts wifey .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lingerie [free] mature .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\horse [bangbus] titts (Sonja,Sarah).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cumshot xxx masturbation hole (Sonja,Curtney).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american nude trambling masturbation titts .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Google\Temp\indian kicking bukkake big titts (Sonja,Karin).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black nude hardcore [bangbus] swallow .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american action bukkake public penetration .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse several models beautyfull .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\dotnet\shared\horse several models .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese gang bang hardcore uncut feet ejaculation .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx big hole hairy (Curtney).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian animal trambling full movie stockings .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\hardcore licking cock stockings .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Common Files\microsoft shared\blowjob uncut femdom .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\american horse beast full movie titts bedroom (Jade).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish gay [bangbus] .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fucking several models cock blondie .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\hardcore full movie feet femdom (Janette).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lingerie masturbation (Curtney).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob girls glans mature .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian fetish bukkake several models .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\british blowjob several models cock girly .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\nude lingerie [free] (Karin).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\norwegian sperm voyeur (Liz).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\british lesbian full movie cock .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\german gay public feet leather .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\swedish beastiality horse [bangbus] Ôï .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\lesbian uncut feet mature .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\asian trambling catfight .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\cum sperm licking titts .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\swedish horse blowjob licking stockings (Kathrin,Melissa).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\danish handjob sperm [milf] high heels .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\british hardcore masturbation black hairunshaved .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\danish nude lingerie masturbation glans hotel .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\american beastiality lesbian hidden titts .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black gang bang trambling catfight titts beautyfull .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\gay lesbian glans (Christine,Tatjana).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\indian horse trambling voyeur upskirt .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black horse gay hidden .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\german sperm voyeur hole .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\norwegian xxx [free] feet .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\fetish sperm [free] .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\russian animal hardcore masturbation titts pregnant .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SoftwareDistribution\Download\american nude hardcore hidden cock shower (Jade).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\animal bukkake hidden feet blondie .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\canadian hardcore voyeur cock femdom .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\hardcore hidden shower .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\black kicking hardcore several models redhair .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_it-it_72a319bf8ee74a9b\cum hardcore girls hole 50+ .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\black kicking lingerie public feet .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\horse hardcore lesbian upskirt .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\danish action gay hot (!) fishy .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\blowjob big hotel (Sandy,Tatjana).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\xxx uncut traffic .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\lesbian voyeur penetration .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\black gang bang xxx [free] .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\spanish lingerie lesbian cock circumcision .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\american porn bukkake full movie young .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cum beast several models girly .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\beastiality bukkake masturbation feet .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_de-de_3d077a9cd5de5151\american beastiality sperm voyeur (Melissa).zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\CbsTemp\italian action hardcore public glans penetration .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\sperm masturbation (Karin).mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\italian beastiality fucking girls glans .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\spanish beast catfight (Melissa).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\bukkake public boots (Sonja,Karin).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\indian horse gay several models stockings (Sonja,Tatjana).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\danish cumshot trambling hot (!) swallow .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\Downloaded Program Files\gay uncut (Karin).avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx girls shower .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\action beast lesbian upskirt .rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\blowjob full movie .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\chinese fucking [free] .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\tyrkish horse xxx catfight (Melissa).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\japanese kicking lingerie [milf] hole (Christine,Curtney).rar.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\african horse licking hole .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\asian trambling [milf] .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\xxx hidden circumcision .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\horse beast lesbian titts .avi.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\danish fetish beast hidden titts redhair (Liz).mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\sperm [milf] .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\PLA\Templates\tyrkish horse lingerie hot (!) .mpeg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\cumshot beast sleeping .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish fetish blowjob catfight mature .mpg.exe	87703ea84056a117f07ce15aab3bda00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\beast several models glans shoes .zip.exe	87703ea84056a117f07ce15aab3bda00N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2928	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
4316	87703ea84056a117f07ce15aab3bda00N.exe
4316	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
2376	87703ea84056a117f07ce15aab3bda00N.exe
2376	87703ea84056a117f07ce15aab3bda00N.exe
4928	87703ea84056a117f07ce15aab3bda00N.exe
4928	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
3236	87703ea84056a117f07ce15aab3bda00N.exe
3236	87703ea84056a117f07ce15aab3bda00N.exe
1444	87703ea84056a117f07ce15aab3bda00N.exe
1444	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
2928	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
1104	87703ea84056a117f07ce15aab3bda00N.exe
3508	87703ea84056a117f07ce15aab3bda00N.exe
3508	87703ea84056a117f07ce15aab3bda00N.exe
3796	87703ea84056a117f07ce15aab3bda00N.exe
3796	87703ea84056a117f07ce15aab3bda00N.exe
4316	87703ea84056a117f07ce15aab3bda00N.exe
4316	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
3692	87703ea84056a117f07ce15aab3bda00N.exe
3288	87703ea84056a117f07ce15aab3bda00N.exe
3288	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
2760	87703ea84056a117f07ce15aab3bda00N.exe
1544	87703ea84056a117f07ce15aab3bda00N.exe
1544	87703ea84056a117f07ce15aab3bda00N.exe
4648	87703ea84056a117f07ce15aab3bda00N.exe
4648	87703ea84056a117f07ce15aab3bda00N.exe
1856	87703ea84056a117f07ce15aab3bda00N.exe
1856	87703ea84056a117f07ce15aab3bda00N.exe
2376	87703ea84056a117f07ce15aab3bda00N.exe
2376	87703ea84056a117f07ce15aab3bda00N.exe
4928	87703ea84056a117f07ce15aab3bda00N.exe
4928	87703ea84056a117f07ce15aab3bda00N.exe
1220	87703ea84056a117f07ce15aab3bda00N.exe
1220	87703ea84056a117f07ce15aab3bda00N.exe
2912	87703ea84056a117f07ce15aab3bda00N.exe
2912	87703ea84056a117f07ce15aab3bda00N.exe
3236	87703ea84056a117f07ce15aab3bda00N.exe
1412	87703ea84056a117f07ce15aab3bda00N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 3692	2928	87703ea84056a117f07ce15aab3bda00N.exe	87
PID 2928 wrote to memory of 3692	2928	87703ea84056a117f07ce15aab3bda00N.exe	87
PID 2928 wrote to memory of 3692	2928	87703ea84056a117f07ce15aab3bda00N.exe	87
PID 2928 wrote to memory of 1104	2928	87703ea84056a117f07ce15aab3bda00N.exe	91
PID 2928 wrote to memory of 1104	2928	87703ea84056a117f07ce15aab3bda00N.exe	91
PID 2928 wrote to memory of 1104	2928	87703ea84056a117f07ce15aab3bda00N.exe	91
PID 3692 wrote to memory of 2760	3692	87703ea84056a117f07ce15aab3bda00N.exe	92
PID 3692 wrote to memory of 2760	3692	87703ea84056a117f07ce15aab3bda00N.exe	92
PID 3692 wrote to memory of 2760	3692	87703ea84056a117f07ce15aab3bda00N.exe	92
PID 1104 wrote to memory of 1660	1104	87703ea84056a117f07ce15aab3bda00N.exe	94
PID 1104 wrote to memory of 1660	1104	87703ea84056a117f07ce15aab3bda00N.exe	94
PID 1104 wrote to memory of 1660	1104	87703ea84056a117f07ce15aab3bda00N.exe	94
PID 2928 wrote to memory of 4316	2928	87703ea84056a117f07ce15aab3bda00N.exe	95
PID 2928 wrote to memory of 4316	2928	87703ea84056a117f07ce15aab3bda00N.exe	95
PID 2928 wrote to memory of 4316	2928	87703ea84056a117f07ce15aab3bda00N.exe	95
PID 3692 wrote to memory of 2376	3692	87703ea84056a117f07ce15aab3bda00N.exe	96
PID 3692 wrote to memory of 2376	3692	87703ea84056a117f07ce15aab3bda00N.exe	96
PID 3692 wrote to memory of 2376	3692	87703ea84056a117f07ce15aab3bda00N.exe	96
PID 2760 wrote to memory of 4928	2760	87703ea84056a117f07ce15aab3bda00N.exe	97
PID 2760 wrote to memory of 4928	2760	87703ea84056a117f07ce15aab3bda00N.exe	97
PID 2760 wrote to memory of 4928	2760	87703ea84056a117f07ce15aab3bda00N.exe	97
PID 2928 wrote to memory of 1444	2928	87703ea84056a117f07ce15aab3bda00N.exe	99
PID 2928 wrote to memory of 1444	2928	87703ea84056a117f07ce15aab3bda00N.exe	99
PID 2928 wrote to memory of 1444	2928	87703ea84056a117f07ce15aab3bda00N.exe	99
PID 1104 wrote to memory of 3236	1104	87703ea84056a117f07ce15aab3bda00N.exe	100
PID 1104 wrote to memory of 3236	1104	87703ea84056a117f07ce15aab3bda00N.exe	100
PID 1104 wrote to memory of 3236	1104	87703ea84056a117f07ce15aab3bda00N.exe	100
PID 4316 wrote to memory of 3508	4316	87703ea84056a117f07ce15aab3bda00N.exe	101
PID 4316 wrote to memory of 3508	4316	87703ea84056a117f07ce15aab3bda00N.exe	101
PID 4316 wrote to memory of 3508	4316	87703ea84056a117f07ce15aab3bda00N.exe	101
PID 3692 wrote to memory of 3796	3692	87703ea84056a117f07ce15aab3bda00N.exe	102
PID 3692 wrote to memory of 3796	3692	87703ea84056a117f07ce15aab3bda00N.exe	102
PID 3692 wrote to memory of 3796	3692	87703ea84056a117f07ce15aab3bda00N.exe	102
PID 2760 wrote to memory of 1544	2760	87703ea84056a117f07ce15aab3bda00N.exe	103
PID 2760 wrote to memory of 1544	2760	87703ea84056a117f07ce15aab3bda00N.exe	103
PID 2760 wrote to memory of 1544	2760	87703ea84056a117f07ce15aab3bda00N.exe	103
PID 2376 wrote to memory of 4648	2376	87703ea84056a117f07ce15aab3bda00N.exe	105
PID 2376 wrote to memory of 4648	2376	87703ea84056a117f07ce15aab3bda00N.exe	105
PID 2376 wrote to memory of 4648	2376	87703ea84056a117f07ce15aab3bda00N.exe	105
PID 4928 wrote to memory of 1856	4928	87703ea84056a117f07ce15aab3bda00N.exe	106
PID 4928 wrote to memory of 1856	4928	87703ea84056a117f07ce15aab3bda00N.exe	106
PID 4928 wrote to memory of 1856	4928	87703ea84056a117f07ce15aab3bda00N.exe	106
PID 3236 wrote to memory of 1220	3236	87703ea84056a117f07ce15aab3bda00N.exe	108
PID 3236 wrote to memory of 1220	3236	87703ea84056a117f07ce15aab3bda00N.exe	108
PID 3236 wrote to memory of 1220	3236	87703ea84056a117f07ce15aab3bda00N.exe	108
PID 2928 wrote to memory of 2912	2928	87703ea84056a117f07ce15aab3bda00N.exe	109
PID 2928 wrote to memory of 2912	2928	87703ea84056a117f07ce15aab3bda00N.exe	109
PID 2928 wrote to memory of 2912	2928	87703ea84056a117f07ce15aab3bda00N.exe	109
PID 4316 wrote to memory of 1596	4316	87703ea84056a117f07ce15aab3bda00N.exe	110
PID 4316 wrote to memory of 1596	4316	87703ea84056a117f07ce15aab3bda00N.exe	110
PID 4316 wrote to memory of 1596	4316	87703ea84056a117f07ce15aab3bda00N.exe	110
PID 1104 wrote to memory of 1412	1104	87703ea84056a117f07ce15aab3bda00N.exe	111
PID 1104 wrote to memory of 1412	1104	87703ea84056a117f07ce15aab3bda00N.exe	111
PID 1104 wrote to memory of 1412	1104	87703ea84056a117f07ce15aab3bda00N.exe	111
PID 1444 wrote to memory of 3752	1444	87703ea84056a117f07ce15aab3bda00N.exe	112
PID 1444 wrote to memory of 3752	1444	87703ea84056a117f07ce15aab3bda00N.exe	112
PID 1444 wrote to memory of 3752	1444	87703ea84056a117f07ce15aab3bda00N.exe	112
PID 3692 wrote to memory of 544	3692	87703ea84056a117f07ce15aab3bda00N.exe	113
PID 3692 wrote to memory of 544	3692	87703ea84056a117f07ce15aab3bda00N.exe	113
PID 3692 wrote to memory of 544	3692	87703ea84056a117f07ce15aab3bda00N.exe	113
PID 2760 wrote to memory of 2720	2760	87703ea84056a117f07ce15aab3bda00N.exe	114
PID 2760 wrote to memory of 2720	2760	87703ea84056a117f07ce15aab3bda00N.exe	114
PID 2760 wrote to memory of 2720	2760	87703ea84056a117f07ce15aab3bda00N.exe	114
PID 3508 wrote to memory of 2412	3508	87703ea84056a117f07ce15aab3bda00N.exe	116

C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
"C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3692
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2760
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4928
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1856
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5140
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:9468
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        9⤵
        
        PID:5176
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:13408
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:19324
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:7780
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:15832
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:22568
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:16872
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:23332
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5224
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:6548
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:12008
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:17968
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:17380
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:24072
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10400
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:21512
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14172
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:21016
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6588
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10424
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:16788
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7672
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:17492
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10308
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14188
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:21024
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6124
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10092
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:20724
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13704
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:20324
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16396
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5240
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7344
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:15824
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:8940
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:18600
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13200
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17740
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:24096
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6616
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10468
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:20740
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16324
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13924
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7624
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:15876
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13188
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:23136
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1544
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:2020
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6252
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13760
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:21160
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:16160
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:1936
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10316
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22544
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14152
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:20960
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5232
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7000
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:16720
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:16308
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7544
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:15868
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:11276
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10300
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22584
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14372
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:21032
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6624
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10452
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:17016
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16316
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22464
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16128
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10136
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10268
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14136
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21008
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6224
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12132
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:18224
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:18408
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17500
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5288
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9344
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13416
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19408
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11976
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17732
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17664
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10176
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22480
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13768
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:20696
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2376
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4648
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6060
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:9536
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        8⤵
        
        PID:20520
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13480
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:19496
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:16152
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:20276
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10692
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14212
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:1632
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22656
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5216
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7796
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:17572
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10548
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22712
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22616
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13120
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:18260
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7632
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17656
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:24088
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13520
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19520
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:3768
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10492
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:22592
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14316
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7820
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10140
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10984
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5264
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7732
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17556
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10716
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16364
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16644
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6664
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18272
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7560
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:15816
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10184
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22152
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:20592
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:4532
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6216
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17748
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17508
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11424
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16888
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22988
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5256
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:8036
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17484
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11344
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16736
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22720
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6656
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17956
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18484
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10260
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13504
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:19528
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:544
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6068
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:9492
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:5124
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19416
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7748
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16076
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10656
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16920
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22440
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:3656
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13472
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:19504
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6648
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:15800
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5728
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7680
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:15908
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:21520
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:10324
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22560
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13680
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:20688
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1104
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3288
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4896
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:6092
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:12000
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:17940
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:7772
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:24064
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10640
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22448
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:5248
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:11200
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16452
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22640
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7584
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:18444
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10368
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16856
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:20952
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:640
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:12144
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17948
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7844
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:24080
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10724
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22200
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16460
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22624
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5280
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7740
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10648
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16380
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22608
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6688
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:20748
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14464
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21056
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7616
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16136
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10900
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10376
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17076
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:20944
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3236
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1220
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:4828
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:9460
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:3208
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:13496
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7528
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:15900
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:808
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22600
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21040
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5208
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:13864
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22632
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7568
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17648
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10392
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13528
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6600
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10416
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22576
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:15476
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21152
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7656
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17404
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17056
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:14280
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:21048
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10460
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22704
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22456
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7704
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17580
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:24056
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:11432
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22696
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:17412
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:23340
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7852
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:1408
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10740
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16436
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22664
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6680
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:21356
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7592
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:17396
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:18504
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:10432
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16676
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:15040
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:21144
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4316
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:2412
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:10084
        
        C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        7⤵
        
        PID:20716
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:20928
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7764
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:17564
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:17364
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5272
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:7536
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:15792
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:1800
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10288
      - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        6⤵
        
        PID:22144
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14128
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21168
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18232
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7608
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16068
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10836
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10216
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13896
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:20936
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:1596
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18252
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7788
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:10920
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:16924
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:14196
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:5312
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:20584
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13424
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:19400
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6696
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:20756
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16444
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7576
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10904
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:10244
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13488
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:19472
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1444
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:3752
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:6132
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18240
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:18608
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:21484
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22472
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:5304
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:9476
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:20528
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:19480
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6672
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:22536
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:16372
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22648
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7600
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:17420
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:10224
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:22552
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13740
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:20604
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2912
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:10160
    - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
        5⤵
        
        PID:14072
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:13752
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:20344
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:7724
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:17532
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:11608
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:16904
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:23008
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:5328
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:9500
  - - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
      "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
      4⤵
      PID:5172
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:13464
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:19512
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:6632
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:11984
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:17672
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:7648
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:19152
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:10384
- - C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
    "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
    3⤵
    PID:20732
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:13512
- C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe
  "C:\Users\Admin\AppData\Local\Temp\87703ea84056a117f07ce15aab3bda00N.exe"
  2⤵
  PID:19464

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\xxx big hole hairy (Curtney).zip.exe

Filesize
1.2MB

MD5
8e207ac967f353ba66efe67f76e05392

SHA1
a342901eb915f6f7bbab3555bbdd15d90d38ef31

SHA256
dff7580e56da918181a55c2d046f7b7216185c8bb003315e642e086d768171eb

SHA512
74a99f26905eb20488c81660e052b1613fec8c2ce393cf845434357c9df8eb1f2eb1aac1d7574fdb1b06bcab14b495d5110aedd81d8359a33cb902862a260f91

Download Submit