0b82d816aaf6d0a08b34517fa3eb561490f48d283187cc321b0f367f24ed173d

Analysis

max time kernel
13s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
13/07/2024, 07:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

676f5189cda27c25fe617c84fb7162c0N.exe
Size

1.6MB
MD5

676f5189cda27c25fe617c84fb7162c0
SHA1

7968430512c4f14369c30bd0bbb47da075351cf1
SHA256

0b82d816aaf6d0a08b34517fa3eb561490f48d283187cc321b0f367f24ed173d
SHA512

374e239df9dae649af26ab91cd4717db55e17099542247a8dead41b93930f4179f79a94e4dfc2552ea087338eaa925cc2b6f79e94c670e804180aa45ee50ed18
SSDEEP

49152:VFjEfiCcvDSkawjapIzdNxDLCUHxZqS6RCU:HrEjRIzHxPBRZqS6RCU

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 22 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	676f5189cda27c25fe617c84fb7162c0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	676f5189cda27c25fe617c84fb7162c0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\G:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\I:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\J:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\O:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\S:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\T:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\U:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\Z:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\A:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\L:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\M:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\N:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\Q:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\R:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\Y:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\B:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\H:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\K:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\E:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\P:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\V:	676f5189cda27c25fe617c84fb7162c0N.exe
File opened (read-only)	\??\W:	676f5189cda27c25fe617c84fb7162c0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\indian kicking lesbian catfight (Janette).zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\american nude hardcore [free] lady .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\bukkake masturbation cock traffic (Tatjana).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\lingerie uncut glans wifey (Curtney).avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\blowjob sleeping .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian action xxx voyeur (Curtney).zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian animal blowjob several models (Liz).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\System32\DriverStore\Temp\blowjob [milf] glans ejaculation .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french hardcore uncut leather .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\japanese gang bang sperm full movie hole gorgeoushorny (Sarah).zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\gay masturbation .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\fucking sleeping hole stockings (Sarah).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Google\Update\Download\xxx uncut shower .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\bukkake uncut (Sylvia).mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Google\Temp\tyrkish fetish gay public (Samantha).zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\dotnet\shared\xxx several models leather (Kathrin,Jade).mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\gay big sweet .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\danish handjob gay hidden cock granny (Melissa).avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\bukkake uncut hole .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\russian horse lesbian big titts blondie (Liz).avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black gang bang lingerie masturbation girly .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\xxx hot (!) cock black hairunshaved .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\danish cumshot blowjob several models cock blondie .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\asian horse hidden .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Common Files\microsoft shared\tyrkish kicking hardcore sleeping 40+ (Kathrin,Curtney).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish cumshot sperm public .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm catfight .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse full movie .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\gay licking .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake full movie femdom .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\swedish cum fucking several models .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\action bukkake lesbian hotel .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cum blowjob hidden hairy .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\nude blowjob hidden sweet .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\assembly\temp\horse [free] shoes .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\canadian blowjob several models bedroom (Sonja,Janette).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\danish action gay [free] redhair .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\american nude lesbian lesbian sm .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\PLA\Templates\indian handjob trambling [bangbus] hole beautyfull (Karin).avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\hardcore masturbation cock lady .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\french lingerie catfight shower .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\japanese cum lesbian [free] redhair .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fetish xxx uncut .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\hardcore [milf] cock .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\asian lesbian catfight circumcision .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\swedish cum horse [bangbus] .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\indian handjob sperm catfight hole fishy (Jade).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cumshot sperm big hole hairy .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\kicking lingerie [free] black hairunshaved .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\japanese cum lingerie girls glans pregnant .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\japanese porn lingerie [milf] .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian gang bang lingerie [free] upskirt .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling voyeur cock mature (Janette).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\swedish fetish gay [free] hotel .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\malaysia blowjob licking titts (Ashley,Tatjana).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\african gay hot (!) feet upskirt .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian kicking bukkake hot (!) feet (Ashley,Tatjana).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american handjob horse full movie .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\trambling big (Liz).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\tyrkish horse gay big bondage .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\norwegian horse several models YEâPSè& .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\beastiality bukkake masturbation fishy (Kathrin,Melissa).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\malaysia gay public fishy .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish handjob trambling [milf] hole hairy .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\lesbian hot (!) .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\german gay uncut .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\japanese porn sperm voyeur cock (Sonja,Sarah).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\norwegian horse masturbation titts .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\indian action sperm girls femdom (Sonja,Tatjana).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese porn beast big hole castration (Tatjana).avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\french lesbian [bangbus] feet (Sonja,Karin).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\american kicking horse uncut .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\american action hardcore hidden .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\japanese action lesbian sleeping cock boots (Sarah).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\security\templates\danish animal hardcore girls .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\danish gang bang hardcore [bangbus] cock beautyfull (Samantha).mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian kicking blowjob several models .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese handjob hardcore catfight (Janette).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\beast full movie mistress .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\animal gay voyeur upskirt .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\lesbian uncut bedroom .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\blowjob full movie .avi.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\tyrkish fetish fucking public shoes .mpg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SoftwareDistribution\Download\tyrkish nude lesbian sleeping (Curtney).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\lesbian several models feet beautyfull (Melissa).mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\Downloaded Program Files\indian horse blowjob catfight feet castration (Melissa).rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\tyrkish nude fucking hot (!) hole balls .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\bukkake lesbian hole .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\german fucking catfight cock 40+ .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\fetish xxx hidden castration .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\spanish bukkake hot (!) .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\handjob blowjob sleeping glans .zip.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\sperm full movie circumcision .rar.exe	676f5189cda27c25fe617c84fb7162c0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\gay [milf] .mpeg.exe	676f5189cda27c25fe617c84fb7162c0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
3724	676f5189cda27c25fe617c84fb7162c0N.exe
3724	676f5189cda27c25fe617c84fb7162c0N.exe
4232	676f5189cda27c25fe617c84fb7162c0N.exe
4232	676f5189cda27c25fe617c84fb7162c0N.exe
4832	676f5189cda27c25fe617c84fb7162c0N.exe
4832	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
4560	676f5189cda27c25fe617c84fb7162c0N.exe
4560	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
5112	676f5189cda27c25fe617c84fb7162c0N.exe
5112	676f5189cda27c25fe617c84fb7162c0N.exe
3044	676f5189cda27c25fe617c84fb7162c0N.exe
3044	676f5189cda27c25fe617c84fb7162c0N.exe
3724	676f5189cda27c25fe617c84fb7162c0N.exe
3724	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
2172	676f5189cda27c25fe617c84fb7162c0N.exe
4448	676f5189cda27c25fe617c84fb7162c0N.exe
4448	676f5189cda27c25fe617c84fb7162c0N.exe
2880	676f5189cda27c25fe617c84fb7162c0N.exe
2880	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
516	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1652	676f5189cda27c25fe617c84fb7162c0N.exe
1976	676f5189cda27c25fe617c84fb7162c0N.exe
1976	676f5189cda27c25fe617c84fb7162c0N.exe
3580	676f5189cda27c25fe617c84fb7162c0N.exe
3580	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
4236	676f5189cda27c25fe617c84fb7162c0N.exe
4232	676f5189cda27c25fe617c84fb7162c0N.exe
4232	676f5189cda27c25fe617c84fb7162c0N.exe
1592	676f5189cda27c25fe617c84fb7162c0N.exe
1592	676f5189cda27c25fe617c84fb7162c0N.exe
4384	676f5189cda27c25fe617c84fb7162c0N.exe
4384	676f5189cda27c25fe617c84fb7162c0N.exe
4832	676f5189cda27c25fe617c84fb7162c0N.exe
4832	676f5189cda27c25fe617c84fb7162c0N.exe
4560	676f5189cda27c25fe617c84fb7162c0N.exe
4560	676f5189cda27c25fe617c84fb7162c0N.exe
1688	676f5189cda27c25fe617c84fb7162c0N.exe
1688	676f5189cda27c25fe617c84fb7162c0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1652 wrote to memory of 2172	1652	676f5189cda27c25fe617c84fb7162c0N.exe	86
PID 1652 wrote to memory of 2172	1652	676f5189cda27c25fe617c84fb7162c0N.exe	86
PID 1652 wrote to memory of 2172	1652	676f5189cda27c25fe617c84fb7162c0N.exe	86
PID 2172 wrote to memory of 516	2172	676f5189cda27c25fe617c84fb7162c0N.exe	87
PID 2172 wrote to memory of 516	2172	676f5189cda27c25fe617c84fb7162c0N.exe	87
PID 2172 wrote to memory of 516	2172	676f5189cda27c25fe617c84fb7162c0N.exe	87
PID 1652 wrote to memory of 4236	1652	676f5189cda27c25fe617c84fb7162c0N.exe	88
PID 1652 wrote to memory of 4236	1652	676f5189cda27c25fe617c84fb7162c0N.exe	88
PID 1652 wrote to memory of 4236	1652	676f5189cda27c25fe617c84fb7162c0N.exe	88
PID 2172 wrote to memory of 3724	2172	676f5189cda27c25fe617c84fb7162c0N.exe	89
PID 2172 wrote to memory of 3724	2172	676f5189cda27c25fe617c84fb7162c0N.exe	89
PID 2172 wrote to memory of 3724	2172	676f5189cda27c25fe617c84fb7162c0N.exe	89
PID 1652 wrote to memory of 4232	1652	676f5189cda27c25fe617c84fb7162c0N.exe	90
PID 1652 wrote to memory of 4232	1652	676f5189cda27c25fe617c84fb7162c0N.exe	90
PID 1652 wrote to memory of 4232	1652	676f5189cda27c25fe617c84fb7162c0N.exe	90
PID 516 wrote to memory of 4832	516	676f5189cda27c25fe617c84fb7162c0N.exe	91
PID 516 wrote to memory of 4832	516	676f5189cda27c25fe617c84fb7162c0N.exe	91
PID 516 wrote to memory of 4832	516	676f5189cda27c25fe617c84fb7162c0N.exe	91
PID 4236 wrote to memory of 4560	4236	676f5189cda27c25fe617c84fb7162c0N.exe	92
PID 4236 wrote to memory of 4560	4236	676f5189cda27c25fe617c84fb7162c0N.exe	92
PID 4236 wrote to memory of 4560	4236	676f5189cda27c25fe617c84fb7162c0N.exe	92
PID 3724 wrote to memory of 5112	3724	676f5189cda27c25fe617c84fb7162c0N.exe	93
PID 3724 wrote to memory of 5112	3724	676f5189cda27c25fe617c84fb7162c0N.exe	93
PID 3724 wrote to memory of 5112	3724	676f5189cda27c25fe617c84fb7162c0N.exe	93
PID 2172 wrote to memory of 3044	2172	676f5189cda27c25fe617c84fb7162c0N.exe	94
PID 2172 wrote to memory of 3044	2172	676f5189cda27c25fe617c84fb7162c0N.exe	94
PID 2172 wrote to memory of 3044	2172	676f5189cda27c25fe617c84fb7162c0N.exe	94
PID 1652 wrote to memory of 2880	1652	676f5189cda27c25fe617c84fb7162c0N.exe	95
PID 1652 wrote to memory of 2880	1652	676f5189cda27c25fe617c84fb7162c0N.exe	95
PID 1652 wrote to memory of 2880	1652	676f5189cda27c25fe617c84fb7162c0N.exe	95
PID 516 wrote to memory of 4448	516	676f5189cda27c25fe617c84fb7162c0N.exe	96
PID 516 wrote to memory of 4448	516	676f5189cda27c25fe617c84fb7162c0N.exe	96
PID 516 wrote to memory of 4448	516	676f5189cda27c25fe617c84fb7162c0N.exe	96
PID 4236 wrote to memory of 1976	4236	676f5189cda27c25fe617c84fb7162c0N.exe	97
PID 4236 wrote to memory of 1976	4236	676f5189cda27c25fe617c84fb7162c0N.exe	97
PID 4236 wrote to memory of 1976	4236	676f5189cda27c25fe617c84fb7162c0N.exe	97
PID 4232 wrote to memory of 3580	4232	676f5189cda27c25fe617c84fb7162c0N.exe	98
PID 4232 wrote to memory of 3580	4232	676f5189cda27c25fe617c84fb7162c0N.exe	98
PID 4232 wrote to memory of 3580	4232	676f5189cda27c25fe617c84fb7162c0N.exe	98
PID 4832 wrote to memory of 1592	4832	676f5189cda27c25fe617c84fb7162c0N.exe	99
PID 4832 wrote to memory of 1592	4832	676f5189cda27c25fe617c84fb7162c0N.exe	99
PID 4832 wrote to memory of 1592	4832	676f5189cda27c25fe617c84fb7162c0N.exe	99
PID 4560 wrote to memory of 4384	4560	676f5189cda27c25fe617c84fb7162c0N.exe	100
PID 4560 wrote to memory of 4384	4560	676f5189cda27c25fe617c84fb7162c0N.exe	100
PID 4560 wrote to memory of 4384	4560	676f5189cda27c25fe617c84fb7162c0N.exe	100
PID 3044 wrote to memory of 2428	3044	676f5189cda27c25fe617c84fb7162c0N.exe	101
PID 3044 wrote to memory of 2428	3044	676f5189cda27c25fe617c84fb7162c0N.exe	101
PID 3044 wrote to memory of 2428	3044	676f5189cda27c25fe617c84fb7162c0N.exe	101
PID 5112 wrote to memory of 1688	5112	676f5189cda27c25fe617c84fb7162c0N.exe	102
PID 5112 wrote to memory of 1688	5112	676f5189cda27c25fe617c84fb7162c0N.exe	102
PID 5112 wrote to memory of 1688	5112	676f5189cda27c25fe617c84fb7162c0N.exe	102
PID 3724 wrote to memory of 2120	3724	676f5189cda27c25fe617c84fb7162c0N.exe	103
PID 3724 wrote to memory of 2120	3724	676f5189cda27c25fe617c84fb7162c0N.exe	103
PID 3724 wrote to memory of 2120	3724	676f5189cda27c25fe617c84fb7162c0N.exe	103
PID 2172 wrote to memory of 2572	2172	676f5189cda27c25fe617c84fb7162c0N.exe	104
PID 2172 wrote to memory of 2572	2172	676f5189cda27c25fe617c84fb7162c0N.exe	104
PID 2172 wrote to memory of 2572	2172	676f5189cda27c25fe617c84fb7162c0N.exe	104
PID 1652 wrote to memory of 700	1652	676f5189cda27c25fe617c84fb7162c0N.exe	105
PID 1652 wrote to memory of 700	1652	676f5189cda27c25fe617c84fb7162c0N.exe	105
PID 1652 wrote to memory of 700	1652	676f5189cda27c25fe617c84fb7162c0N.exe	105
PID 516 wrote to memory of 1412	516	676f5189cda27c25fe617c84fb7162c0N.exe	106
PID 516 wrote to memory of 1412	516	676f5189cda27c25fe617c84fb7162c0N.exe	106
PID 516 wrote to memory of 1412	516	676f5189cda27c25fe617c84fb7162c0N.exe	106
PID 4232 wrote to memory of 4004	4232	676f5189cda27c25fe617c84fb7162c0N.exe	107

C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
"C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1652
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2172
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:516
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4832
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1592
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:5380
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:5644
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        8⤵
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        8⤵
        
        PID:16984
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:7308
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        8⤵
        
        PID:16260
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        8⤵
        
        PID:19868
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:11884
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:15732
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5340
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:20272
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5604
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16848
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:10152
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12096
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16224
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:852
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:19892
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14836
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16832
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16752
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11772
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16576
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5168
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:1756
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:17976
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5548
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:4648
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:18104
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7284
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:17056
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9848
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4448
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:3308
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5316
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:17024
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5612
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16592
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:10008
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15352
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:19872
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16840
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7324
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14332
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9456
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11716
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15524
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      PID:1412
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5040
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16696
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:17988
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14300
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:20768
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9360
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14232
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:20696
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11836
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16584
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:3776
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14640
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:19928
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7060
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15944
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9712
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15840
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3724
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:5112
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1688
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:19904
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5408
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:16648
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:8212
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14416
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:20712
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11956
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:2980
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:1480
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15540
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11988
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15512
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7068
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9200
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14256
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:20560
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      PID:2120
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:4536
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12020
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15792
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5424
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:17048
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:8972
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12152
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15264
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15556
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:2200
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11964
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11704
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5456
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14820
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7148
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15952
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11788
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:1356
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3044
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      PID:2428
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12796
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:19016
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:6960
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16760
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:8804
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14352
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:20576
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15756
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:3452
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11996
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:15768
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5448
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:13380
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:19692
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7076
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9072
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:20540
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11916
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15548
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    PID:2572
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:4596
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9788
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16736
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:20104
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16800
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9208
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:13580
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9708
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15740
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:1728
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15784
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5464
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:20680
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:7184
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16640
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:17064
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:11780
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:15532
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4236
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4560
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4384
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:4632
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5396
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14604
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:10436
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:11708
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:15372
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:7276
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:9440
        
        C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        7⤵
        
        PID:14852
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:11828
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5292
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:13368
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:19644
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5588
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7316
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:8756
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:13728
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:9760
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:3668
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5324
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16776
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5620
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:19884
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:15856
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:8772
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11932
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16624
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11696
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:18096
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5564
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16720
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7220
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:10088
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11748
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15364
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1976
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:4000
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5356
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:14620
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12280
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:13488
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:10904
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11812
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5512
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16864
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16680
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11820
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16208
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:312
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:4784
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16712
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5580
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:17016
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7332
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:14396
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:20704
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9948
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:17040
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:3696
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:4808
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:19708
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16656
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:9384
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:14844
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:11756
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:16232
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3580
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5388
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:19912
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:12036
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:7268
      - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9448
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16632
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:8444
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16012
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16824
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9392
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:9544
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11852
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16216
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:4004
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:1784
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:20236
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5528
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:10388
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:17032
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7236
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11740
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16616
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:4508
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:13548
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9968
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5496
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15504
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:7176
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15928
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:9368
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:20552
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:11868
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:15488
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5064
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5300
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:11332
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:17692
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:7244
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:17008
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
        5⤵
        
        PID:21180
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:11844
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15776
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:19936
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5540
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15748
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:7228
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16808
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:10220
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:11764
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:15496
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  - Checks computer location settings
  PID:700
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:3268
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:14892
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:5520
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:14652
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:16992
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:9332
  - - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
      "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
      4⤵
      PID:15916
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:11860
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:4880
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:364
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:14612
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:5472
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:14812
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:7156
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:17000
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:9304
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:14264
- - C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
    "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
    3⤵
    PID:20568
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:11892
- C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe
  "C:\Users\Admin\AppData\Local\Temp\676f5189cda27c25fe617c84fb7162c0N.exe"
  2⤵
  PID:15480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm catfight .rar.exe

Filesize
1.1MB

MD5
b429ce9326a11875c52ee410d8680de0

SHA1
c04987ec5e0cc55419527b61ec22f8ec1bc9d942

SHA256
be26be7cf39b15cf5d76e662eb08d8d335c6a44dd1ae5072993dc8ed938cc552

SHA512
a368969729ad6522fc63ef440b0a5b8878649041512b1c5221fc331e65cbcf4b2867e552c2fddb52d82151fe9877f09d7d0d07d0645fc13617dfadd9c6944b87

Download Submit
C:\debug.txt

Filesize
146B

MD5
2b4cf9a9a008a389d0d9c618267ee5be

SHA1
fb591cb2ea37e32540065255dd5989af8b992353

SHA256
40e5ef9b0fe341011a3ecceadd9acc493ce7c3da683ad5a316e44a6ac51e6ca3

SHA512
d6d23b04a8047b28e9ca30a42db5baba4b86205673a97c5435ec75d98b422b878e3b9fc85befd67d1f6ec7dde66488fd469386d5e8aa90d6f9e4f695abd10ab3

Download Submit