c97b22577a103e110eb72c4b912d24887e9a64fed201f195bc3b79715b154e40

Analysis

max time kernel
118s
max time network
70s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 08:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86f6141baaf887beab06ff9af9e78840N.exe
Size

1.2MB
MD5

86f6141baaf887beab06ff9af9e78840
SHA1

c0020b1b24b5c9c2f0f193ee50d6650ba98d9f51
SHA256

c97b22577a103e110eb72c4b912d24887e9a64fed201f195bc3b79715b154e40
SHA512

2339e11c38a33ab51367b8ce313c6dbe29f18ebc6fd0aec33deca84af99588b3a228606d0f44e76f261015db009f03b06bee2a1cf4b2b023dee013eeeba88af9
SSDEEP

24576:2wLSWpERIR/BsXFgFKbVruk9oxUMaj4tOUUPLRwoATe4CT+udu1rvA0vb2sQgB:h5KRIt41bIrxUMa2+dwoAESudu1r40y2

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-701583114-2636601053-947405450-1000\Control Panel\International\Geo\Nation	86f6141baaf887beab06ff9af9e78840N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	86f6141baaf887beab06ff9af9e78840N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\O:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Q:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\T:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\I:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\M:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\R:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Y:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\Z:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\H:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\G:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\J:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\K:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\S:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\V:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\W:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\X:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\E:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\B:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\N:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\P:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\U:	86f6141baaf887beab06ff9af9e78840N.exe
File opened (read-only)	\??\A:	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\canadian sperm [milf] .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french kicking animal [free] .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese animal bukkake voyeur 40+ .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\tyrkish trambling porn full movie (Karin).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\FxsTmp\lesbian full movie stockings (Sonja,Janette).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british nude beastiality [bangbus] (Janette,Karin).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american beast trambling full movie ash .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese cumshot voyeur .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\System32\DriverStore\Temp\malaysia cum animal [free] titts mistress (Anniston).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\british lesbian [free] .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\horse blowjob masturbation leather .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fetish fucking [milf] .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish gang bang handjob voyeur black hairunshaved .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\chinese beastiality porn several models leather .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\german beast masturbation glans castration .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\nude girls .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish cumshot hot (!) bedroom (Tatjana,Anniston).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\horse [milf] ash .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\gay fetish public pregnant .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\german horse fetish big nipples .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Common Files\microsoft shared\italian blowjob [milf] young (Sonja,Sonja).mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\dotnet\shared\norwegian fetish cum uncut boobs black hairunshaved .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\handjob lesbian voyeur feet .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob sperm lesbian .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\asian animal cumshot big feet gorgeoushorny .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Google\Update\Download\fetish horse [milf] sweet .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\chinese cumshot masturbation hairy .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish nude girls legs hairy .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Program Files (x86)\Google\Temp\xxx action [bangbus] wifey (Curtney).rar.exe	86f6141baaf887beab06ff9af9e78840N.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\mssrv.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\temp\african handjob [milf] .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SoftwareDistribution\Download\black porn voyeur .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\indian lingerie catfight boobs ash .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\lesbian several models cock .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\kicking kicking licking .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx blowjob girls .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\fetish gang bang licking blondie .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beast full movie wifey .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\CbsTemp\brasilian porn girls .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\french trambling licking .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian cumshot nude [bangbus] (Jade).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\german cumshot [bangbus] hotel .zip.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french lingerie girls .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\indian horse cum masturbation legs .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian porn cumshot licking ejaculation .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian bukkake sleeping legs hairy (Sylvia,Sandy).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse gang bang [milf] (Samantha).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\tmp\animal gang bang uncut ash .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Downloaded Program Files\russian gang bang trambling hidden young .mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\InputMethod\SHARED\german nude masturbation (Liz).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\PLA\Templates\bukkake full movie black hairunshaved .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\security\templates\hardcore trambling public beautyfull .rar.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian trambling horse several models lady .avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\gay gang bang [milf] swallow (Sandy).avi.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\japanese fucking catfight gorgeoushorny .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\malaysia nude fetish [milf] glans .mpg.exe	86f6141baaf887beab06ff9af9e78840N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\african lesbian cum licking nipples (Curtney).mpeg.exe	86f6141baaf887beab06ff9af9e78840N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
552	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
3540	86f6141baaf887beab06ff9af9e78840N.exe
3540	86f6141baaf887beab06ff9af9e78840N.exe
2340	86f6141baaf887beab06ff9af9e78840N.exe
2340	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
4384	86f6141baaf887beab06ff9af9e78840N.exe
4384	86f6141baaf887beab06ff9af9e78840N.exe
5048	86f6141baaf887beab06ff9af9e78840N.exe
5048	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
552	86f6141baaf887beab06ff9af9e78840N.exe
4436	86f6141baaf887beab06ff9af9e78840N.exe
4436	86f6141baaf887beab06ff9af9e78840N.exe
2564	86f6141baaf887beab06ff9af9e78840N.exe
2564	86f6141baaf887beab06ff9af9e78840N.exe
3540	86f6141baaf887beab06ff9af9e78840N.exe
3540	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
4388	86f6141baaf887beab06ff9af9e78840N.exe
2340	86f6141baaf887beab06ff9af9e78840N.exe
2340	86f6141baaf887beab06ff9af9e78840N.exe

Suspicious use of WriteProcessMemory 39 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 4388	552	86f6141baaf887beab06ff9af9e78840N.exe	87
PID 552 wrote to memory of 4388	552	86f6141baaf887beab06ff9af9e78840N.exe	87
PID 552 wrote to memory of 4388	552	86f6141baaf887beab06ff9af9e78840N.exe	87
PID 4388 wrote to memory of 3540	4388	86f6141baaf887beab06ff9af9e78840N.exe	88
PID 4388 wrote to memory of 3540	4388	86f6141baaf887beab06ff9af9e78840N.exe	88
PID 4388 wrote to memory of 3540	4388	86f6141baaf887beab06ff9af9e78840N.exe	88
PID 552 wrote to memory of 2340	552	86f6141baaf887beab06ff9af9e78840N.exe	89
PID 552 wrote to memory of 2340	552	86f6141baaf887beab06ff9af9e78840N.exe	89
PID 552 wrote to memory of 2340	552	86f6141baaf887beab06ff9af9e78840N.exe	89
PID 552 wrote to memory of 4384	552	86f6141baaf887beab06ff9af9e78840N.exe	92
PID 552 wrote to memory of 4384	552	86f6141baaf887beab06ff9af9e78840N.exe	92
PID 552 wrote to memory of 4384	552	86f6141baaf887beab06ff9af9e78840N.exe	92
PID 4388 wrote to memory of 5048	4388	86f6141baaf887beab06ff9af9e78840N.exe	93
PID 4388 wrote to memory of 5048	4388	86f6141baaf887beab06ff9af9e78840N.exe	93
PID 4388 wrote to memory of 5048	4388	86f6141baaf887beab06ff9af9e78840N.exe	93
PID 3540 wrote to memory of 4436	3540	86f6141baaf887beab06ff9af9e78840N.exe	94
PID 3540 wrote to memory of 4436	3540	86f6141baaf887beab06ff9af9e78840N.exe	94
PID 3540 wrote to memory of 4436	3540	86f6141baaf887beab06ff9af9e78840N.exe	94
PID 2340 wrote to memory of 2564	2340	86f6141baaf887beab06ff9af9e78840N.exe	95
PID 2340 wrote to memory of 2564	2340	86f6141baaf887beab06ff9af9e78840N.exe	95
PID 2340 wrote to memory of 2564	2340	86f6141baaf887beab06ff9af9e78840N.exe	95
PID 552 wrote to memory of 1952	552	86f6141baaf887beab06ff9af9e78840N.exe	98
PID 552 wrote to memory of 1952	552	86f6141baaf887beab06ff9af9e78840N.exe	98
PID 552 wrote to memory of 1952	552	86f6141baaf887beab06ff9af9e78840N.exe	98
PID 4388 wrote to memory of 4128	4388	86f6141baaf887beab06ff9af9e78840N.exe	99
PID 4388 wrote to memory of 4128	4388	86f6141baaf887beab06ff9af9e78840N.exe	99
PID 4388 wrote to memory of 4128	4388	86f6141baaf887beab06ff9af9e78840N.exe	99
PID 3540 wrote to memory of 2056	3540	86f6141baaf887beab06ff9af9e78840N.exe	100
PID 3540 wrote to memory of 2056	3540	86f6141baaf887beab06ff9af9e78840N.exe	100
PID 3540 wrote to memory of 2056	3540	86f6141baaf887beab06ff9af9e78840N.exe	100
PID 2340 wrote to memory of 4800	2340	86f6141baaf887beab06ff9af9e78840N.exe	101
PID 2340 wrote to memory of 4800	2340	86f6141baaf887beab06ff9af9e78840N.exe	101
PID 2340 wrote to memory of 4800	2340	86f6141baaf887beab06ff9af9e78840N.exe	101
PID 4384 wrote to memory of 4760	4384	86f6141baaf887beab06ff9af9e78840N.exe	102
PID 4384 wrote to memory of 4760	4384	86f6141baaf887beab06ff9af9e78840N.exe	102
PID 4384 wrote to memory of 4760	4384	86f6141baaf887beab06ff9af9e78840N.exe	102
PID 5048 wrote to memory of 2424	5048	86f6141baaf887beab06ff9af9e78840N.exe	103
PID 5048 wrote to memory of 2424	5048	86f6141baaf887beab06ff9af9e78840N.exe	103
PID 5048 wrote to memory of 2424	5048	86f6141baaf887beab06ff9af9e78840N.exe	103

C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
"C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:552
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3540
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4436
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:336
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:4492
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:6316
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16964
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:8144
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:16356
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:10860
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:14660
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:20128
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5860
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:9172
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        8⤵
        
        PID:12616
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:12864
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7364
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:15680
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9940
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13580
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18884
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:216
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6164
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:10176
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:14100
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:19920
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:15956
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10408
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14288
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:19984
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8440
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11640
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16308
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6808
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12556
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:1008
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:10416
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:14280
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:19960
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:1780
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20112
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9104
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:14380
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12736
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18384
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20104
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9840
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20400
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:18820
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2884
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5964
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9368
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:208
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13160
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18844
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7452
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10036
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12524
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2160
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15812
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9732
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11340
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:18488
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6532
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12100
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8508
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13280
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11432
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5048
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2424
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:2868
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6244
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:11080
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:20192
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:7872
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:15948
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10544
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14496
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20000
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5728
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9164
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:19292
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12900
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:5872
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4540
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13824
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9704
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5016
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:18480
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6120
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10764
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14700
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20120
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15716
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14056
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:19908
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4416
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15108
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6652
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:18040
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8620
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:1696
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11744
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16336
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4128
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3368
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6080
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10076
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14116
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15756
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7468
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15804
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13912
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8232
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11132
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15388
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6588
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12476
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17992
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17400
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11752
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16344
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4348
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5700
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9764
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14476
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13320
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:18852
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7172
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15740
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9812
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14608
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4832
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5252
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11436
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16176
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6488
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12468
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:17584
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:8420
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16372
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11228
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:15820
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2340
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3640
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:6264
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:12204
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16756
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        7⤵
        
        PID:16072
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10824
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15072
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10184
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14132
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7460
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15876
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:9820
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18872
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7724
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15524
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10400
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14344
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:19992
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5536
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8516
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:11460
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16200
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6912
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12548
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9112
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12752
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:3060
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:2656
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14124
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:19944
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7880
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10552
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:20056
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9188
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12596
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5380
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14108
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:19928
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9532
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12676
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13112
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7344
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:3244
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:12656
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12908
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7476
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15732
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13920
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:14800
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7768
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:16080
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10392
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12620
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:19968
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6440
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12196
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16692
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4868
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16900
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:10896
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:14728
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:20444
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4384
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:4760
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4644
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:10772
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14636
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:20048
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15892
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10636
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14652
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15848
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5680
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:19532
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:5896
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7160
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15448
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13256
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:18472
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:3396
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5716
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:9668
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:14432
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:8784
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:15748
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9928
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13552
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:18896
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7128
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13940
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9524
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12924
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13036
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6680
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6576
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12460
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:17576
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:8536
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:17272
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11648
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:16324
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:1948
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:7760
      - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        6⤵
        
        PID:15884
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:10384
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:3044
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:19976
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:6564
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:12392
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:17264
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:4600
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11448
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16192
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7064
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:13748
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:19068
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9352
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14492
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12992
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:5808
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6368
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:11140
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:4624
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5640
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16056
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:10888
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:14708
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:20200
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:888
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:9832
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:13388
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:18720
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:10876
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:14776
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:15688
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:8092
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:16364
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:10780
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:14676
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:20008
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:4804
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:6800
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:17692
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:9180
  - - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
      "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
      4⤵
      PID:14584
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:12856
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:5764
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:6328
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:11424
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:16168
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:8264
- - C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
    "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
    3⤵
    PID:15964
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:11220
- C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe
  "C:\Users\Admin\AppData\Local\Temp\86f6141baaf887beab06ff9af9e78840N.exe"
  2⤵
  PID:15868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian handjob sperm lesbian .mpeg.exe

Filesize
597KB

MD5
35422ca5352b5b0980fd12f8c67eea8e

SHA1
eb3b6491ef2a5da7cc55786f31e9cc0dc74a48cf

SHA256
7d7b4e672cd6ca32c40d449a54d1e6e77217828eb5e3c417a69024cdc2938148

SHA512
6d8e731a7fca7603cd3f63db2c64e86c9bae746d042128b20f15e88ae09c8d6666096aac061dce8a48aab5beff8e2e58d5c6e30b66e79141f3d224d066371b90

Download Submit