e5b9822ca2cb324485913117f423989d82ecb0bab3d11ffb1d6f1d37bf1b9ae4

Analysis

max time kernel
12s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 04:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7cd75ba54d4a223c79c9f540b5b6f260N.exe
Size

805KB
MD5

7cd75ba54d4a223c79c9f540b5b6f260
SHA1

afa0bf027ec195f5d0e842ccdac70b68dd5a4e39
SHA256

e5b9822ca2cb324485913117f423989d82ecb0bab3d11ffb1d6f1d37bf1b9ae4
SHA512

aab18cb9eb0c22ca7ba14d7adeb33d74810e05d8f771385ec33e688dc33c7dd0cb7feabe892cc164dd87030e17ea4c06b8a0300a01ed145103b6cb7a2de7c004
SSDEEP

12288:dXCNi9BrgYYjRBAFA2NohnqB4d/t2VqCkp1dtt/yQtKe0DcHRe0lLgKS0s:oWUEA2NohqB49t2kxtObDuHbSR

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 14 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\J:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\T:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\W:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\K:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\L:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\N:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\O:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\B:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\G:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\H:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\I:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\P:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\U:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\Z:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\Q:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\S:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\V:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\X:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\E:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\M:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\R:	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File opened (read-only)	\??\Y:	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\fucking cumshot licking ash mistress .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\FxsTmp\kicking voyeur boobs .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\action blowjob hot (!) glans femdom (Liz,Ashley).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\italian fetish porn masturbation traffic .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\african trambling hot (!) ¼ë (Jenna).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french gay fucking hidden wifey .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\canadian kicking gay masturbation feet shower .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian fetish uncut balls .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german hardcore [free] .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian gay hot (!) titts beautyfull .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia gay horse [milf] hairy (Ashley).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black handjob full movie .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\french lingerie hardcore [milf] cock castration (Sylvia,Anniston).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia fucking hardcore catfight granny (Sonja).zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\brasilian xxx lingerie catfight shower (Melissa).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\norwegian kicking lingerie voyeur nipples circumcision .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish gang bang big nipples (Christine,Tatjana).mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian trambling xxx lesbian 50+ .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\danish bukkake lesbian several models .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\trambling girls vagina .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish gay action lesbian .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian gay sleeping boobs girly .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\cum hot (!) (Sandy,Sarah).mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Common Files\microsoft shared\lesbian sperm hidden wifey .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese handjob several models .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\american sperm hidden latex (Karin,Sonja).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\african porn kicking hidden boots .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Google\Update\Download\malaysia blowjob xxx hot (!) .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7A02.tmp\beastiality lingerie uncut titts mistress .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\dotnet\shared\malaysia trambling horse [bangbus] titts latex (Gina).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\french blowjob sperm catfight vagina mistress .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\lesbian lesbian titts stockings .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\PLA\Templates\xxx bukkake [free] swallow .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\german fucking [milf] ¼ë .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SoftwareDistribution\Download\action public boobs mistress (Melissa,Tatjana).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\xxx fucking hot (!) beautyfull .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\french horse voyeur lady .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\tyrkish porn cum catfight shower .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\asian hardcore full movie hairy .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\spanish blowjob [free] circumcision .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\mssrv.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\horse handjob [free] hole shower .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\Downloaded Program Files\indian action [free] .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\german beastiality lesbian feet fishy .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\german horse xxx masturbation .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\fetish cum girls .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\canadian horse [bangbus] vagina (Gina).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\lingerie fucking masturbation legs circumcision .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\japanese blowjob cum public .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\chinese nude xxx sleeping swallow .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\norwegian sperm cumshot [milf] feet lady (Kathrin,Gina).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\italian trambling sperm [bangbus] black hairunshaved .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\german sperm blowjob big blondie (Ashley,Anniston).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\german lesbian beastiality girls (Karin).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\italian cumshot cumshot uncut glans (Liz).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\CbsTemp\german porn hidden ash .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\british nude lesbian .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\malaysia handjob big high heels .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\blowjob catfight beautyfull .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\horse hot (!) hole .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\french gay catfight (Ashley).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse fucking [bangbus] ejaculation .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\german gay several models mature (Sonja).mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian hardcore animal sleeping vagina .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\malaysia gang bang sperm public glans .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\black animal beastiality hot (!) .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\tyrkish bukkake sleeping .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\InputMethod\SHARED\cum sleeping .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\cumshot blowjob [milf] girly (Jenna).zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\brasilian cum nude public ash .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\porn cumshot voyeur ash .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\italian animal hardcore hot (!) lady (Curtney,Sandy).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\beastiality trambling full movie (Samantha,Jenna).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\black fucking hardcore several models titts young (Liz).mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\cum catfight fishy (Curtney,Melissa).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\action handjob catfight (Liz).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\german trambling sleeping Ôï .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\tyrkish hardcore fetish [free] glans .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\horse hardcore several models .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\norwegian horse hot (!) mature (Sylvia).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\assembly\tmp\african hardcore catfight (Jade).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\canadian cumshot cum several models legs (Karin).avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black kicking girls YEâPSè& (Jenna).mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\french handjob hidden lady (Sonja).rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\malaysia kicking sleeping blondie .zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\indian beast [free] 50+ .mpeg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob girls titts (Samantha).zip.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\lingerie xxx licking shower .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\american cum porn girls ash swallow .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\african animal animal hidden traffic .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\chinese animal kicking [bangbus] stockings .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\assembly\temp\russian sperm big vagina black hairunshaved .avi.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\african xxx [free] granny .rar.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang action [bangbus] traffic (Jenna,Gina).mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\beast several models .mpg.exe	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4708	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4708	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3668	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3668	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1516	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1516	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1576	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1576	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2540	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
436	7cd75ba54d4a223c79c9f540b5b6f260N.exe
2540	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4312	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4312	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4296	7cd75ba54d4a223c79c9f540b5b6f260N.exe
4296	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe
1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 436 wrote to memory of 3892	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	86
PID 436 wrote to memory of 3892	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	86
PID 436 wrote to memory of 3892	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	86
PID 3892 wrote to memory of 2236	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	87
PID 3892 wrote to memory of 2236	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	87
PID 3892 wrote to memory of 2236	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	87
PID 436 wrote to memory of 5004	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	88
PID 436 wrote to memory of 5004	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	88
PID 436 wrote to memory of 5004	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	88
PID 2236 wrote to memory of 2216	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	89
PID 2236 wrote to memory of 2216	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	89
PID 2236 wrote to memory of 2216	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	89
PID 3892 wrote to memory of 4036	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	90
PID 3892 wrote to memory of 4036	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	90
PID 3892 wrote to memory of 4036	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	90
PID 436 wrote to memory of 1456	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	91
PID 436 wrote to memory of 1456	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	91
PID 436 wrote to memory of 1456	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	91
PID 5004 wrote to memory of 1864	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	92
PID 5004 wrote to memory of 1864	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	92
PID 5004 wrote to memory of 1864	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	92
PID 2216 wrote to memory of 3004	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	93
PID 2216 wrote to memory of 3004	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	93
PID 2216 wrote to memory of 3004	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	93
PID 2236 wrote to memory of 4708	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	94
PID 2236 wrote to memory of 4708	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	94
PID 2236 wrote to memory of 4708	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	94
PID 3892 wrote to memory of 3668	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	95
PID 3892 wrote to memory of 3668	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	95
PID 3892 wrote to memory of 3668	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	95
PID 436 wrote to memory of 1516	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	96
PID 436 wrote to memory of 1516	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	96
PID 436 wrote to memory of 1516	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	96
PID 4036 wrote to memory of 1576	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	97
PID 4036 wrote to memory of 1576	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	97
PID 4036 wrote to memory of 1576	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	97
PID 5004 wrote to memory of 2540	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	98
PID 5004 wrote to memory of 2540	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	98
PID 5004 wrote to memory of 2540	5004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	98
PID 1456 wrote to memory of 4312	1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe	99
PID 1456 wrote to memory of 4312	1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe	99
PID 1456 wrote to memory of 4312	1456	7cd75ba54d4a223c79c9f540b5b6f260N.exe	99
PID 1864 wrote to memory of 4296	1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe	100
PID 1864 wrote to memory of 4296	1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe	100
PID 1864 wrote to memory of 4296	1864	7cd75ba54d4a223c79c9f540b5b6f260N.exe	100
PID 2216 wrote to memory of 3648	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	101
PID 2216 wrote to memory of 3648	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	101
PID 2216 wrote to memory of 3648	2216	7cd75ba54d4a223c79c9f540b5b6f260N.exe	101
PID 2236 wrote to memory of 4676	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	102
PID 2236 wrote to memory of 4676	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	102
PID 2236 wrote to memory of 4676	2236	7cd75ba54d4a223c79c9f540b5b6f260N.exe	102
PID 3892 wrote to memory of 2140	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	103
PID 3892 wrote to memory of 2140	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	103
PID 3892 wrote to memory of 2140	3892	7cd75ba54d4a223c79c9f540b5b6f260N.exe	103
PID 3004 wrote to memory of 2576	3004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	106
PID 3004 wrote to memory of 2576	3004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	106
PID 3004 wrote to memory of 2576	3004	7cd75ba54d4a223c79c9f540b5b6f260N.exe	106
PID 436 wrote to memory of 1712	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	104
PID 436 wrote to memory of 1712	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	104
PID 436 wrote to memory of 1712	436	7cd75ba54d4a223c79c9f540b5b6f260N.exe	104
PID 4036 wrote to memory of 3276	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	105
PID 4036 wrote to memory of 3276	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	105
PID 4036 wrote to memory of 3276	4036	7cd75ba54d4a223c79c9f540b5b6f260N.exe	105
PID 4708 wrote to memory of 3868	4708	7cd75ba54d4a223c79c9f540b5b6f260N.exe	107

C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
"C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:436
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3892
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2236
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2216
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of WriteProcessMemory
        
        PID:3004
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:5628
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:9428
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        9⤵
        
        PID:22284
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:13068
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:19852
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:7084
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:15096
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:21496
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:10160
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:22860
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:13848
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:20268
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:8488
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:19876
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:12216
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6956
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15112
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:21252
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9824
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:468
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20260
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:3648
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:22300
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:13076
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:17280
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:7360
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15944
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:7148
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:10508
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22636
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:14644
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21176
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:1732
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:19608
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12104
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17116
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9104
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:10020
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22780
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20848
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4708
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:3868
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:5480
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:7916
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:16360
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:9656
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:10776
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:9108
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15860
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:6660
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6980
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15216
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:21272
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9864
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:1680
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:13524
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20244
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:10488
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:14328
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20832
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6576
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12252
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17388
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8880
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12604
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17888
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:4676
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8600
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:20228
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12492
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17632
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7004
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:15968
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:10036
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:4836
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13864
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20700
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3068
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:956
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22340
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12988
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19084
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:15896
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7128
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:10356
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22796
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:14004
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20628
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4036
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:1576
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:904
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:5540
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:8628
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:20364
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:12464
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6988
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15696
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:21568
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9840
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22788
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:13648
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20520
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:1708
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6476
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:12224
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8956
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22128
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:18712
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6288
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:11836
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8620
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20160
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12508
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17720
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3276
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5908
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9228
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22268
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12940
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:18936
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7352
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:15880
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:10476
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:7416
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20840
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1468
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9420
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22232
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13144
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19540
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6972
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:1600
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9872
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22552
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13992
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20688
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3668
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3444
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5672
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9480
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22324
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:19596
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7368
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:15888
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:7192
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:10372
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21884
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:14180
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20664
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1944
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6648
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:18168
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9340
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22248
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13212
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19632
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6392
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12444
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17728
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19980
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:12500
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:17736
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:2140
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:5560
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9396
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22292
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13040
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19508
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:15596
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:2988
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9816
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22332
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13436
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20220
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:8320
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:18916
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:11972
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:16804
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:6624
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:15272
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:21264
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:9492
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:22240
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:13180
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:19616
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:5004
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1864
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4296
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:4048
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:5696
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:9520
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        8⤵
        
        PID:22276
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:19576
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:15688
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:2120
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:10276
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:20052
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20680
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:4856
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:11588
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8008
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:16352
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:10908
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16564
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:24556
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:11732
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16696
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8312
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:18808
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11852
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16768
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3712
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5368
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:7908
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:16292
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:9584
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:22536
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:14652
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21196
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6604
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12276
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8944
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12832
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:18532
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1380
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17524
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21904
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:18092
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6308
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11988
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17072
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:8500
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19892
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:12240
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:17380
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5408
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8380
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:19300
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12012
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17044
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:15020
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21204
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9808
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22316
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13348
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20252
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3168
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6188
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:12004
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:17052
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7932
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16572
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11096
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16596
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:14812
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6032
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11804
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16052
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9288
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:10784
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9200
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:15872
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6788
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:2308
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8448
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:19988
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12184
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17124
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:15292
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:21384
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9832
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22652
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20024
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:8204
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:18944
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:11716
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:16736
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:12564
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:9264
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:22120
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:12996
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:19224
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4312
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:5584
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        7⤵
        
        PID:19016
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:11880
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16976
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7012
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16068
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9976
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:3964
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13840
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:20556
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:3980
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:6076
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:11696
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:16332
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:9536
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:10620
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:22644
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:21136
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11844
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7836
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16060
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:10576
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22560
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:21188
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:912
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:20032
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12472
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6612
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19624
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9324
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22256
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13028
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:19588
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:5072
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6948
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:15148
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:2512
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9852
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22628
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:14156
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20672
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:6484
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:12232
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:17348
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:8868
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20236
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:12584
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:17856
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:1516
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:2844
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:5620
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9148
      - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        6⤵
        
        PID:21896
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:12924
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:18664
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:16044
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:9096
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:10044
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22620
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13880
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:20548
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:6380
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:11980
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:17108
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:8440
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:19356
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:12128
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:1176
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:6240
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:11996
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:17060
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:7924
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:16420
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:23556
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:7384
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:16552
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:24232
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:1712
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:5576
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:9500
    - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
        5⤵
        
        PID:22308
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:19668
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:7040
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:15104
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:21560
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:9968
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:4752
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:13780
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:20528
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:836
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:8340
  - - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
      "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
      4⤵
      PID:19868
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:17080
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:6964
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:15140
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:19048
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:10052
- - C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
    "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
    3⤵
    PID:22544
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:13856
- C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe
  "C:\Users\Admin\AppData\Local\Temp\7cd75ba54d4a223c79c9f540b5b6f260N.exe"
  2⤵
  PID:20540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\japanese handjob several models .mpg.exe

Filesize
106KB

MD5
ac4caeeeca269d6b4545af44388b396b

SHA1
b232c88587331dec282f8713fce84fdab1dbcd81

SHA256
fd6fce1129fd8f049147e793fe742bcf40965835b582f448c0bf340f86dc6fb5

SHA512
b25ad20ef14e5bde855a6caa37142624ced1804ed7599d0fa1addd5c2c1a24af9f241ac696ae7189eeb28df5ed846670f6479b87d6e74a0e2773383b44345116

Download Submit