ed041d588124dcc1faf0eecca80f8aa92d58b303f52208b619c6a794d1f4d4a0

Analysis

max time kernel
16s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

26c5308bcbd7966aedfb250d71e0df30N.exe
Size

1.5MB
MD5

26c5308bcbd7966aedfb250d71e0df30
SHA1

3827d816fcb30fbe0ad705bb9f49c61300bb2f10
SHA256

ed041d588124dcc1faf0eecca80f8aa92d58b303f52208b619c6a794d1f4d4a0
SHA512

bb91b81f62d3958c6c0f0e4753332fcae92f7364f039837c036432a83278aace32bfdd6bd117feb528b76fe74b652b0e0367feff3de79a67ed8f594e636a50c3
SSDEEP

24576:oWit6M+URVAp+zFMhr/TqRYshEVeYeAVYqIsunxGiqyNhkjXLb4ZLDqIXQNkKzOT:Vit6M+UR+cMZ5shEol7sunwrGCSDqmQ6

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1403246978-718555486-3105247137-1000\Control Panel\International\Geo\Nation	26c5308bcbd7966aedfb250d71e0df30N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	26c5308bcbd7966aedfb250d71e0df30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\H:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\P:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\R:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\W:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\X:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\B:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\J:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\U:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\V:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\E:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\G:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Q:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\T:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Y:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\Z:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\I:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\K:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\L:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\M:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\N:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\O:	26c5308bcbd7966aedfb250d71e0df30N.exe
File opened (read-only)	\??\S:	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish gay lesbian (Britney).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\norwegian kicking kicking hidden hotel .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\gay sleeping boobs young .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\nude masturbation (Anniston,Jade).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\System32\DriverStore\Temp\german cumshot hardcore hidden .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake handjob sleeping latex (Sarah,Christine).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\asian sperm trambling [free] ejaculation (Ashley).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\cum beast [bangbus] (Christine).mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx public upskirt .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian lesbian kicking girls feet (Sonja,Melissa).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse hardcore voyeur ejaculation .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american trambling nude lesbian shower .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\american xxx uncut sm .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\handjob full movie legs fishy .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american beast lesbian mistress .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\french sperm beastiality hidden .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\african hardcore trambling masturbation 40+ .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\lesbian [bangbus] shower .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\sperm [milf] mistress (Jade).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\horse lesbian [bangbus] black hairunshaved .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\norwegian kicking nude catfight .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\spanish gang bang gay big stockings .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Common Files\microsoft shared\swedish trambling xxx full movie (Sonja,Sandy).mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese kicking fetish hot (!) leather .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\beastiality blowjob girls nipples blondie (Kathrin,Kathrin).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Google\Temp\spanish fetish beast hot (!) Ôï .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish kicking gang bang girls (Sarah).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gay several models .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\african nude cum [free] mature (Christine).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\animal bukkake catfight traffic .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\spanish fetish hot (!) 40+ (Liz).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\german animal blowjob lesbian (Britney,Sonja).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\lingerie animal [milf] stockings .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\british handjob trambling big titts .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\horse lesbian full movie titts mistress .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\spanish fucking girls .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\InputMethod\SHARED\french beast several models titts bedroom (Jade).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\lesbian hot (!) stockings .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\french kicking horse sleeping titts pregnant .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\italian porn big vagina (Liz,Sylvia).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\brasilian sperm beast lesbian bondage .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\spanish beastiality big .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\tyrkish gang bang xxx girls balls .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\german bukkake xxx [free] .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\british fucking lesbian [milf] .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\japanese horse licking 50+ .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_es-es_e5c3ad79c4e34ebb\african horse bukkake several models glans .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\american horse public fishy (Liz).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\swedish kicking kicking licking cock .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\japanese trambling voyeur shoes (Sonja,Sarah).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\chinese hardcore sleeping (Kathrin).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\canadian trambling trambling [milf] hole .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\canadian handjob cumshot voyeur femdom .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\black handjob blowjob licking 50+ (Sylvia,Jenna).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\italian porn girls ash .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\italian hardcore animal public sm (Melissa).zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\blowjob hidden hole .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian beastiality nude full movie castration .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\tyrkish porn masturbation traffic .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\black lingerie lesbian lesbian legs sweet .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\beast hidden blondie .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\horse xxx voyeur .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\PLA\Templates\beast kicking girls leather .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\spanish beast girls legs femdom .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\malaysia animal cumshot uncut .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\action animal hidden balls (Karin,Liz).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian trambling full movie .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\black cumshot fucking masturbation (Janette,Sonja).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_5abbd3c4a3f2014c\fucking gay [free] vagina hairy (Sonja,Sonja).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\chinese action [free] black hairunshaved .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SoftwareDistribution\Download\french porn fucking [milf] 50+ .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\nude blowjob [free] feet hairy .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\spanish cumshot bukkake girls hole femdom (Karin,Jenna).avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_b1ffa0e7b4ed03e2\british fetish cum big .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\porn masturbation bedroom .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_887b2378b7b5651d\black kicking fetish hidden stockings .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\malaysia nude fetish masturbation ash hotel .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\indian beast voyeur beautyfull .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian horse sperm [bangbus] nipples .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish trambling lingerie public .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\italian gang bang girls redhair .zip.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\handjob licking .mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\black animal lesbian [free] (Melissa).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\swedish fucking catfight ash .mpg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\indian porn blowjob sleeping nipples .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\swedish fucking gay [free] glans traffic (Britney,Anniston).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\chinese animal several models .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\beastiality handjob [free] swallow .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\action public black hairunshaved .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian horse uncut Ôï (Kathrin).mpeg.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_5af076e0a3cb0fa7\african nude several models bondage .avi.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\italian nude lesbian boobs (Curtney,Britney).rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\mssrv.exe	26c5308bcbd7966aedfb250d71e0df30N.exe
File created	C:\Windows\CbsTemp\norwegian action uncut hotel .rar.exe	26c5308bcbd7966aedfb250d71e0df30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
364	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
692	26c5308bcbd7966aedfb250d71e0df30N.exe
692	26c5308bcbd7966aedfb250d71e0df30N.exe
3808	26c5308bcbd7966aedfb250d71e0df30N.exe
3808	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
220	26c5308bcbd7966aedfb250d71e0df30N.exe
220	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
1028	26c5308bcbd7966aedfb250d71e0df30N.exe
1028	26c5308bcbd7966aedfb250d71e0df30N.exe
4088	26c5308bcbd7966aedfb250d71e0df30N.exe
4088	26c5308bcbd7966aedfb250d71e0df30N.exe
3496	26c5308bcbd7966aedfb250d71e0df30N.exe
3496	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
692	26c5308bcbd7966aedfb250d71e0df30N.exe
364	26c5308bcbd7966aedfb250d71e0df30N.exe
692	26c5308bcbd7966aedfb250d71e0df30N.exe
1392	26c5308bcbd7966aedfb250d71e0df30N.exe
1392	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
1384	26c5308bcbd7966aedfb250d71e0df30N.exe
2992	26c5308bcbd7966aedfb250d71e0df30N.exe
2992	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
4056	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
3748	26c5308bcbd7966aedfb250d71e0df30N.exe
3172	26c5308bcbd7966aedfb250d71e0df30N.exe
3172	26c5308bcbd7966aedfb250d71e0df30N.exe
1780	26c5308bcbd7966aedfb250d71e0df30N.exe
1780	26c5308bcbd7966aedfb250d71e0df30N.exe
3808	26c5308bcbd7966aedfb250d71e0df30N.exe
3808	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
2416	26c5308bcbd7966aedfb250d71e0df30N.exe
4692	26c5308bcbd7966aedfb250d71e0df30N.exe
4692	26c5308bcbd7966aedfb250d71e0df30N.exe
220	26c5308bcbd7966aedfb250d71e0df30N.exe
220	26c5308bcbd7966aedfb250d71e0df30N.exe
4668	26c5308bcbd7966aedfb250d71e0df30N.exe
4668	26c5308bcbd7966aedfb250d71e0df30N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 364 wrote to memory of 1384	364	26c5308bcbd7966aedfb250d71e0df30N.exe	86
PID 364 wrote to memory of 1384	364	26c5308bcbd7966aedfb250d71e0df30N.exe	86
PID 364 wrote to memory of 1384	364	26c5308bcbd7966aedfb250d71e0df30N.exe	86
PID 364 wrote to memory of 3748	364	26c5308bcbd7966aedfb250d71e0df30N.exe	87
PID 364 wrote to memory of 3748	364	26c5308bcbd7966aedfb250d71e0df30N.exe	87
PID 364 wrote to memory of 3748	364	26c5308bcbd7966aedfb250d71e0df30N.exe	87
PID 1384 wrote to memory of 4056	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	88
PID 1384 wrote to memory of 4056	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	88
PID 1384 wrote to memory of 4056	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	88
PID 1384 wrote to memory of 692	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	89
PID 1384 wrote to memory of 692	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	89
PID 1384 wrote to memory of 692	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	89
PID 364 wrote to memory of 3808	364	26c5308bcbd7966aedfb250d71e0df30N.exe	90
PID 364 wrote to memory of 3808	364	26c5308bcbd7966aedfb250d71e0df30N.exe	90
PID 364 wrote to memory of 3808	364	26c5308bcbd7966aedfb250d71e0df30N.exe	90
PID 3748 wrote to memory of 2416	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	91
PID 4056 wrote to memory of 220	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	92
PID 3748 wrote to memory of 2416	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	91
PID 3748 wrote to memory of 2416	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	91
PID 4056 wrote to memory of 220	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	92
PID 4056 wrote to memory of 220	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	92
PID 692 wrote to memory of 1028	692	26c5308bcbd7966aedfb250d71e0df30N.exe	93
PID 692 wrote to memory of 1028	692	26c5308bcbd7966aedfb250d71e0df30N.exe	93
PID 692 wrote to memory of 1028	692	26c5308bcbd7966aedfb250d71e0df30N.exe	93
PID 364 wrote to memory of 3496	364	26c5308bcbd7966aedfb250d71e0df30N.exe	94
PID 364 wrote to memory of 3496	364	26c5308bcbd7966aedfb250d71e0df30N.exe	94
PID 364 wrote to memory of 3496	364	26c5308bcbd7966aedfb250d71e0df30N.exe	94
PID 1384 wrote to memory of 4088	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	95
PID 1384 wrote to memory of 4088	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	95
PID 1384 wrote to memory of 4088	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	95
PID 4056 wrote to memory of 1392	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	96
PID 4056 wrote to memory of 1392	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	96
PID 4056 wrote to memory of 1392	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	96
PID 3748 wrote to memory of 2992	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	97
PID 3748 wrote to memory of 2992	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	97
PID 3748 wrote to memory of 2992	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	97
PID 3808 wrote to memory of 3172	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	98
PID 3808 wrote to memory of 3172	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	98
PID 3808 wrote to memory of 3172	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	98
PID 2416 wrote to memory of 1780	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	99
PID 2416 wrote to memory of 1780	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	99
PID 2416 wrote to memory of 1780	2416	26c5308bcbd7966aedfb250d71e0df30N.exe	99
PID 220 wrote to memory of 4692	220	26c5308bcbd7966aedfb250d71e0df30N.exe	100
PID 220 wrote to memory of 4692	220	26c5308bcbd7966aedfb250d71e0df30N.exe	100
PID 220 wrote to memory of 4692	220	26c5308bcbd7966aedfb250d71e0df30N.exe	100
PID 692 wrote to memory of 4668	692	26c5308bcbd7966aedfb250d71e0df30N.exe	101
PID 692 wrote to memory of 4668	692	26c5308bcbd7966aedfb250d71e0df30N.exe	101
PID 692 wrote to memory of 4668	692	26c5308bcbd7966aedfb250d71e0df30N.exe	101
PID 364 wrote to memory of 2156	364	26c5308bcbd7966aedfb250d71e0df30N.exe	102
PID 364 wrote to memory of 2156	364	26c5308bcbd7966aedfb250d71e0df30N.exe	102
PID 364 wrote to memory of 2156	364	26c5308bcbd7966aedfb250d71e0df30N.exe	102
PID 1384 wrote to memory of 2676	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	103
PID 1384 wrote to memory of 2676	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	103
PID 1384 wrote to memory of 2676	1384	26c5308bcbd7966aedfb250d71e0df30N.exe	103
PID 4056 wrote to memory of 4636	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	104
PID 4056 wrote to memory of 4636	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	104
PID 4056 wrote to memory of 4636	4056	26c5308bcbd7966aedfb250d71e0df30N.exe	104
PID 1028 wrote to memory of 5028	1028	26c5308bcbd7966aedfb250d71e0df30N.exe	105
PID 1028 wrote to memory of 5028	1028	26c5308bcbd7966aedfb250d71e0df30N.exe	105
PID 1028 wrote to memory of 5028	1028	26c5308bcbd7966aedfb250d71e0df30N.exe	105
PID 3808 wrote to memory of 3628	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	106
PID 3808 wrote to memory of 3628	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	106
PID 3808 wrote to memory of 3628	3808	26c5308bcbd7966aedfb250d71e0df30N.exe	106
PID 3748 wrote to memory of 4184	3748	26c5308bcbd7966aedfb250d71e0df30N.exe	107

C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
"C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:364
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1384
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4056
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:5796
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:9612
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:13696
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:17056
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:17020
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7224
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:15132
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:17024
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:20804
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13840
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17384
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:24796
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4280
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:7668
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:15440
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:17084
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        8⤵
        
        PID:23468
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14136
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17156
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6348
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12816
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4124
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:23836
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8580
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12364
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2152
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23844
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2072
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5708
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9436
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:12732
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:4840
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21064
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7180
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14664
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17272
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:20612
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9636
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13816
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17344
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20844
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4768
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:11604
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:448
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8160
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21692
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11284
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:22336
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6444
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11800
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3492
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:22984
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8588
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17816
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23452
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4340
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23956
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13428
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17140
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:20900
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7248
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14928
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17248
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:23812
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9716
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13808
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17368
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23740
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2192
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7400
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:14620
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17256
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21576
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6344
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11792
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4892
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23940
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8556
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17988
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23712
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2580
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20544
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4636
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5756
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23772
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13900
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17336
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20836
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8264
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4604
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21840
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11448
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4564
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22376
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6360
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11640
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3984
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22992
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:19564
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12428
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:16840
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21644
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5028
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9596
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:15844
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21012
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:436
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9892
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17312
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23732
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3588
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8388
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17980
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:25012
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12088
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2340
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21684
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6368
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11912
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:16672
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23500
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19936
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2028
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23900
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4668
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5812
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9404
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12764
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21628
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:14996
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17180
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9920
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14012
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17280
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23788
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3420
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8780
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12532
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2124
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21848
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6424
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:24108
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8644
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17848
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:24820
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:560
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23860
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4088
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:228
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5736
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12852
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3576
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:24812
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15480
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17100
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23492
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12844
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16824
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20988
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:908
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7104
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:14804
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17264
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23780
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3804
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23868
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6408
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:1112
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23948
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17860
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23444
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:16856
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23908
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2676
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5768
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2456
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23876
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14972
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17040
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23436
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9788
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13928
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12668
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2564
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9724
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13828
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9040
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17376
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:20868
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6468
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11784
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:232
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23932
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:8636
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12348
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:1744
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:23884
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2416
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1780
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3884
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:9604
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:13196
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17392
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:20876
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:5720
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:14960
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:17240
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:21036
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9780
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13908
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17328
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20852
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2352
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:8336
        
        C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        7⤵
        
        PID:19548
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12080
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3256
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21708
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6208
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:3468
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:24100
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:19540
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11292
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2036
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:1924
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5932
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9800
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17320
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20820
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7572
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17092
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20828
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10664
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:15024
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21604
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2716
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15464
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17108
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20796
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10464
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:15112
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17204
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23796
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6296
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11884
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4952
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21676
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8564
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:19556
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12176
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3772
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:24092
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2992
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4664
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:12740
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:2260
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23764
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7392
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15448
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17068
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:23484
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17304
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21700
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3408
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15032
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17188
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:20892
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13884
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17352
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23724
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11908
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16288
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20996
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:5372
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22328
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12332
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4400
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23892
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3308
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17468
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23508
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:15632
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17076
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23460
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10868
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:14348
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11280
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:380
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9456
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12828
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4068
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:21044
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6288
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11660
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2304
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:22360
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:8508
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12168
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2020
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:23852
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3808
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3172
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:956
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:10536
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15100
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17196
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:21004
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:15368
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:17124
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:4764
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10720
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17172
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20884
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2184
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:8416
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:18832
      - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        6⤵
        
        PID:24996
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12072
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21668
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10860
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20604
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7760
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:2916
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22368
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11160
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17132
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:20584
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3628
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:5940
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:9464
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:12724
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:24116
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7552
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:15456
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23476
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:10520
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:15012
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23820
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2864
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6176
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:11196
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:3204
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:8256
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16868
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:21652
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17788
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23924
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6336
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:796
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:22344
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:24828
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12160
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:4228
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21052
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3496
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6096
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:10288
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:14764
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:17288
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:20812
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:7956
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:22352
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11364
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:2256
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23000
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:5024
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:4236
    - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
        5⤵
        
        PID:23828
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:12540
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:932
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:24804
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:6416
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:11648
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:3552
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23916
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:8660
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12356
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:3864
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21612
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:2156
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:5620
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:9772
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:13892
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:20860
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:7156
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:14568
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:17296
  - - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
      "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
      4⤵
      PID:23804
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9396
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12748
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:17032
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:13044
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:3908
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:9212
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:12600
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:2584
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21620
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:6400
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:11808
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:1984
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:21660
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:8652
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:17972
- - C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
    "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
    3⤵
    PID:25004
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:12372
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:4992
- C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe
  "C:\Users\Admin\AppData\Local\Temp\26c5308bcbd7966aedfb250d71e0df30N.exe"
  2⤵
  PID:21636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian gay several models .rar.exe

Filesize
1.6MB

MD5
38ed4e49e5f55bbd5d28ee093c9e00ab

SHA1
86e8f2eda06a17e71a55e11b748b7896ed93cf62

SHA256
9b98c32dde36904b865b49f1959bf873de1a317b0c7ec41d2c3b0c799d2e5a5a

SHA512
fabafb7de2207244f893cd285ffeaff6767254c1418c730ba1c1a5b9060bc20d0a3bc518bd45c917d56b30224a5c88c4028cbf21b98fbc1735d339822e159926

Download Submit
memory/228-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/364-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/692-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/908-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/956-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1028-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1384-98-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1392-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1780-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1924-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2072-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2484-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2676-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2864-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3172-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3516-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3588-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3628-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3748-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3808-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3884-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3944-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4056-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4088-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4184-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4480-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4636-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4692-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4768-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5024-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5028-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5620-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5628-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5708-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5720-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5736-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5796-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5804-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5812-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5924-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5932-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5940-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6000-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6080-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6096-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6192-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6208-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6288-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6336-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6348-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6368-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6392-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6400-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6416-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6444-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6468-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6716-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7104-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7156-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7180-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7188-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7240-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7264-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7288-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7392-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7412-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7628-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7668-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7760-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8160-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8172-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8256-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8264-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8336-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8388-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8416-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8620-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8628-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8772-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8780-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9212-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9396-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9404-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9424-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9436-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9456-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9464-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9588-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9596-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9612-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9636-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9704-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9716-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9772-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9780-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9788-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download