0d25e2dfeab68a2fa2f0765d54ef176492eb13bda7eab9ceb8e8606651edc910

Analysis

max time kernel
118s
max time network
68s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 10:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

9f936c0aa6b63f71e332e3d3e5740160N.exe
Size

154KB
MD5

9f936c0aa6b63f71e332e3d3e5740160
SHA1

f54e4b57af0b86553bdf518ddc1284426018bb0e
SHA256

0d25e2dfeab68a2fa2f0765d54ef176492eb13bda7eab9ceb8e8606651edc910
SHA512

52cc6297365e655357c7b3453b561afd32bc51a7bb7901e255f2fd9b052d293ae67e0272d51a88f0730edea6771d02fe96f8b27de4d51be58567f6e5c02a0ca4
SSDEEP

3072:djzhZWxivgmhbI/pqqsFUCN3R9MI+Qcj667A2Tu0odN6ncjmHA1gcNaX4Hj:dXC4vgmhbIxs3NBR/6k2aN6ncjmH6EQ

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 9 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	9f936c0aa6b63f71e332e3d3e5740160N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	9f936c0aa6b63f71e332e3d3e5740160N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\K:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\N:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\O:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\R:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\U:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\W:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\I:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\Q:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\S:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\X:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\Z:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\G:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\T:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\V:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\A:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\B:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\E:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\H:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\L:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\M:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\P:	9f936c0aa6b63f71e332e3d3e5740160N.exe
File opened (read-only)	\??\Y:	9f936c0aa6b63f71e332e3d3e5740160N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay catfight 40+ .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\FxsTmp\black cum blowjob hot (!) Ôï .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay sleeping mistress .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\danish nude bukkake [free] (Sylvia).rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\System32\DriverStore\Temp\black cumshot lingerie girls titts femdom (Karin).rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese beastiality trambling sleeping .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\russian nude bukkake big .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish gang bang lesbian girls (Curtney).mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lesbian licking titts young .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\american gang bang gay lesbian glans girly .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\FxsTmp\cum bukkake big penetration .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american animal fucking [free] mistress .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Download\danish fetish beast catfight feet ejaculation (Karin).zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\beast big cock traffic (Samantha).zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\lesbian several models (Sarah).rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\tyrkish cumshot beast girls circumcision .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\brasilian handjob blowjob voyeur sm .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\lesbian public cock .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Google\Temp\lingerie several models penetration .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\italian gang bang trambling masturbation girly (Kathrin,Curtney).zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake licking YEâPSè& (Sandy,Sylvia).mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Common Files\microsoft shared\brasilian porn lingerie licking (Jade).avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\tyrkish cum xxx lesbian titts girly .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\handjob xxx hidden (Tatjana).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\lingerie public .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\dotnet\shared\indian cumshot horse big shoes .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\indian handjob lingerie uncut .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\tyrkish cumshot horse uncut .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking girls feet shoes (Sylvia).zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\sperm girls young .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe

Drops file in Windows directory 50 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\blowjob sleeping fishy .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse girls young .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\tmp\brasilian beastiality hardcore catfight pregnant .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian fetish beast masturbation feet bedroom (Janette).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\xxx lesbian hole .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\sperm public feet (Sonja,Sarah).avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\brasilian animal gay [free] .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\gang bang hardcore sleeping shower .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\blowjob masturbation femdom .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\black nude gay sleeping mistress .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\Downloaded Program Files\lingerie full movie .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\security\templates\tyrkish cumshot beast several models mistress .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\african fucking girls upskirt .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\fucking catfight glans .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\lingerie public latex .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\black nude gay hidden .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\InputMethod\SHARED\indian animal blowjob big glans beautyfull .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish action bukkake girls bedroom .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\russian handjob sperm uncut cock bondage (Karin).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fucking public titts .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\swedish porn trambling [free] (Liz).avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\japanese nude lesbian voyeur cock .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\tyrkish cumshot horse uncut cock .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese porn lesbian licking .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\beastiality hardcore several models (Jade).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish hardcore [free] swallow .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\mssrv.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\lesbian hidden hairy .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\japanese kicking gay full movie boots .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\british gay [bangbus] cock .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\indian nude sperm [bangbus] leather .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian nude fucking catfight hole sweet .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese animal xxx licking .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french xxx licking blondie .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\swedish animal sperm hot (!) glans .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\russian nude hardcore licking cock .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore licking (Jade).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia bukkake girls Ôï (Britney,Samantha).mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\porn beast big (Karin).mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\horse hot (!) .avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\trambling uncut feet (Kathrin,Karin).rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\CbsTemp\horse [free] granny .mpg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\fucking lesbian high heels .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\PLA\Templates\trambling big .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\brasilian cumshot lesbian [bangbus] sweet (Christine,Liz).avi.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\italian horse xxx masturbation ejaculation .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\danish kicking xxx [bangbus] .zip.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\blowjob lesbian .mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\chinese fucking [free] .rar.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe
File created	C:\Windows\assembly\temp\italian porn horse uncut (Samantha).mpeg.exe	9f936c0aa6b63f71e332e3d3e5740160N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 34 IoCs

pid	Process
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4800	9f936c0aa6b63f71e332e3d3e5740160N.exe
4800	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
1036	9f936c0aa6b63f71e332e3d3e5740160N.exe
1036	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
3160	9f936c0aa6b63f71e332e3d3e5740160N.exe
3160	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4440	9f936c0aa6b63f71e332e3d3e5740160N.exe
4440	9f936c0aa6b63f71e332e3d3e5740160N.exe
4800	9f936c0aa6b63f71e332e3d3e5740160N.exe
4876	9f936c0aa6b63f71e332e3d3e5740160N.exe
4800	9f936c0aa6b63f71e332e3d3e5740160N.exe
4876	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
1196	9f936c0aa6b63f71e332e3d3e5740160N.exe
1036	9f936c0aa6b63f71e332e3d3e5740160N.exe
1036	9f936c0aa6b63f71e332e3d3e5740160N.exe
4580	9f936c0aa6b63f71e332e3d3e5740160N.exe
4580	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
4080	9f936c0aa6b63f71e332e3d3e5740160N.exe
1700	9f936c0aa6b63f71e332e3d3e5740160N.exe
1700	9f936c0aa6b63f71e332e3d3e5740160N.exe

Suspicious use of WriteProcessMemory 48 IoCs

description	pid	Process	procid_target
PID 4080 wrote to memory of 1196	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	87
PID 4080 wrote to memory of 1196	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	87
PID 4080 wrote to memory of 1196	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	87
PID 4080 wrote to memory of 4800	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	92
PID 4080 wrote to memory of 4800	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	92
PID 4080 wrote to memory of 4800	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	92
PID 1196 wrote to memory of 1036	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	93
PID 1196 wrote to memory of 1036	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	93
PID 1196 wrote to memory of 1036	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	93
PID 4080 wrote to memory of 3160	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	94
PID 4080 wrote to memory of 3160	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	94
PID 4080 wrote to memory of 3160	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	94
PID 4800 wrote to memory of 3176	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	95
PID 4800 wrote to memory of 3176	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	95
PID 4800 wrote to memory of 3176	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	95
PID 1196 wrote to memory of 4440	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	96
PID 1196 wrote to memory of 4440	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	96
PID 1196 wrote to memory of 4440	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	96
PID 1036 wrote to memory of 4876	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	97
PID 1036 wrote to memory of 4876	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	97
PID 1036 wrote to memory of 4876	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	97
PID 4080 wrote to memory of 4580	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	99
PID 4080 wrote to memory of 4580	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	99
PID 4080 wrote to memory of 4580	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	99
PID 3160 wrote to memory of 1700	3160	9f936c0aa6b63f71e332e3d3e5740160N.exe	100
PID 3160 wrote to memory of 1700	3160	9f936c0aa6b63f71e332e3d3e5740160N.exe	100
PID 3160 wrote to memory of 1700	3160	9f936c0aa6b63f71e332e3d3e5740160N.exe	100
PID 4800 wrote to memory of 2800	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	101
PID 4800 wrote to memory of 2800	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	101
PID 4800 wrote to memory of 2800	4800	9f936c0aa6b63f71e332e3d3e5740160N.exe	101
PID 1196 wrote to memory of 1548	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	102
PID 1196 wrote to memory of 1548	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	102
PID 1196 wrote to memory of 1548	1196	9f936c0aa6b63f71e332e3d3e5740160N.exe	102
PID 1036 wrote to memory of 1360	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	103
PID 1036 wrote to memory of 1360	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	103
PID 1036 wrote to memory of 1360	1036	9f936c0aa6b63f71e332e3d3e5740160N.exe	103
PID 4440 wrote to memory of 3588	4440	9f936c0aa6b63f71e332e3d3e5740160N.exe	105
PID 4440 wrote to memory of 3588	4440	9f936c0aa6b63f71e332e3d3e5740160N.exe	105
PID 4440 wrote to memory of 3588	4440	9f936c0aa6b63f71e332e3d3e5740160N.exe	105
PID 4876 wrote to memory of 616	4876	9f936c0aa6b63f71e332e3d3e5740160N.exe	106
PID 4876 wrote to memory of 616	4876	9f936c0aa6b63f71e332e3d3e5740160N.exe	106
PID 4876 wrote to memory of 616	4876	9f936c0aa6b63f71e332e3d3e5740160N.exe	106
PID 4080 wrote to memory of 2544	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	108
PID 4080 wrote to memory of 2544	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	108
PID 4080 wrote to memory of 2544	4080	9f936c0aa6b63f71e332e3d3e5740160N.exe	108
PID 4580 wrote to memory of 2716	4580	9f936c0aa6b63f71e332e3d3e5740160N.exe	109
PID 4580 wrote to memory of 2716	4580	9f936c0aa6b63f71e332e3d3e5740160N.exe	109
PID 4580 wrote to memory of 2716	4580	9f936c0aa6b63f71e332e3d3e5740160N.exe	109

C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
"C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4080
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1196
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1036
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:616
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:1400
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        8⤵
        
        PID:9852
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        9⤵
        
        PID:20408
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        8⤵
        
        PID:13700
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        8⤵
        
        PID:10976
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:7824
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        8⤵
        
        PID:16460
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:10656
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:14780
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:20380
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:5728
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:8672
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        8⤵
        
        PID:7664
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:11972
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:7156
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:15212
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:20612
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:9688
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13432
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:5004
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6096
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:10040
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:13896
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:19036
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:16984
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10448
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20072
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:5492
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:8444
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:11336
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16040
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:844
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:17972
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6432
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7764
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:1360
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:3688
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:10664
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:14788
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:20388
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:7616
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:15072
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:20564
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10308
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14268
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:8656
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:18532
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:11992
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14016
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13244
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9680
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13456
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:1588
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6024
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:8944
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:11760
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:9720
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7320
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14952
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:9336
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14048
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:19460
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5284
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8376
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11344
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16048
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6644
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13192
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:17660
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:19216
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12716
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7560
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:3588
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:3140
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6212
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:9828
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:13672
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:10932
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:7912
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:16468
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10828
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14932
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20416
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:8664
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:7076
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:11964
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16772
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7036
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13992
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:19420
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9520
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:19140
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13316
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18076
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:408
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13956
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:19392
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7904
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10980
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:15184
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7512
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20264
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8460
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:1548
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:3676
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6252
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10692
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14768
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20396
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16452
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10676
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14644
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20336
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8412
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6916
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16108
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12960
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9192
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18912
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12892
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8148
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:4916
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7224
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:15056
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9148
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9544
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20620
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:13356
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:18192
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8352
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6400
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:11328
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:16080
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:6460
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12488
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:1424
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:8592
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6956
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11528
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:16100
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4800
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    - Checks computer location settings
    PID:3176
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:4700
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6140
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:14000
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:19428
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:17096
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14940
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20424
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:5824
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        7⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7132
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9748
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20572
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13464
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5052
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:9904
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13724
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:3280
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7416
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14760
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:20368
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:19612
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8344
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11288
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16032
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:17512
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9200
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10904
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7556
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:2800
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:2748
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:9844
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13692
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:18452
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:16496
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10624
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14560
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20296
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5568
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8368
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11360
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:19208
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9316
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:19200
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:13104
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:17496
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:4456
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9208
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:18920
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7780
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7140
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14388
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20188
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9672
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20628
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:13440
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:18416
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:5296
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8116
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:4452
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:11244
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:15924
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:6548
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:17352
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:8648
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6564
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11540
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:16348
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3160
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1700
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:1164
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:10228
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:19468
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7752
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:3076
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:10536
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:14364
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:20080
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5500
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11764
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16504
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18184
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12968
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8240
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:2016
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:8576
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:6524
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:11772
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16476
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6636
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13184
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9096
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12636
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7496
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:5176
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:15048
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:15304
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:10108
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:13936
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:19336
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:6436
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:17244
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:8436
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8680
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11376
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:16120
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:2716
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:5224
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7100
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:14036
      - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        6⤵
        
        PID:13492
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:9664
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:18408
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:6452
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:2768
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:7328
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:11692
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:4780
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:5036
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7728
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16708
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:14432
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:20256
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:14380
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:20172
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:8108
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:17336
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11168
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:15592
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:2544
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
        5⤵
        
        PID:16912
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:10684
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:14680
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:20456
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:6388
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:10856
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:15064
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:9368
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:8100
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:3392
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11128
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:15748
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:3276
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:7408
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:15280
  - - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
      "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
      4⤵
      PID:20636
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:10244
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:14064
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:19556
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:6360
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:11368
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:16328
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:8092
- - C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
    "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
    3⤵
    PID:7304
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:11180
- C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe
  "C:\Users\Admin\AppData\Local\Temp\9f936c0aa6b63f71e332e3d3e5740160N.exe"
  2⤵
  PID:15688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\fucking girls feet shoes (Sylvia).zip.exe

Filesize
1.2MB

MD5
290f4d19b00022919efd98af03f31173

SHA1
256d35cdfd5c866781568456f8570a8427d3f29f

SHA256
65add3725dc6fa8d306b2718744a3c3d9a36f71498831bf67ae84e3cbf3f19f1

SHA512
09848b3dc0995b7c4ad3c407bf6592be7fbc04bcd584c284c4fd250c0a7c93d5e3cddc69d6470d0c39c9773ac1efa71a18e5783f32afdaa604915718a3317fc0

Download Submit