c9a3a770addd6d88b4ad41c86349d017f26c91fe63cfebfa762b4eee441425fe

Analysis

max time kernel
11s
max time network
5s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
16-07-2024 02:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5565a9804472204e104e617fe23de090N.exe
Size

688KB
MD5

5565a9804472204e104e617fe23de090
SHA1

23fa9e8f6ecfcfb4645c27a8ba6e15ef0cde458f
SHA256

c9a3a770addd6d88b4ad41c86349d017f26c91fe63cfebfa762b4eee441425fe
SHA512

adea8149879295f9343af62547b78b978989ec25b9b1c6c721614130d0daadaf2ad16a7c908eb42edc1e4d4c0e5c100478f8ce662ff0682e5a1cb5e20a667e12
SSDEEP

12288:bPKL8qwQVNxKZZxee89RF2GbxMVs+Xud5lBMxIVIuQnKM0wI/2fAOunX5Q:bSLucNxQZAePGbxMV4d5HWpux33/eopQ

Score

7^/10

persistence spyware stealer upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	5565a9804472204e104e617fe23de090N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/3652-0-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/files/0x00080000000234aa-5.dat	upx
behavioral2/memory/1408-15-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1044-194-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1524-195-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2012-215-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4048-216-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4544-217-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3152-218-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1328-230-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3652-237-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1484-239-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4196-238-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4368-241-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1408-240-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1044-242-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1524-243-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2012-244-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2996-249-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4544-248-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3408-247-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4048-246-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3152-250-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4480-252-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1832-253-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1328-251-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4196-254-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3604-259-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4832-258-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/956-257-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/660-256-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1484-255-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4796-260-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/468-262-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/972-261-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2092-263-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2908-265-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4480-268-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3212-267-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2996-266-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/956-269-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3604-271-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/4832-270-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2448-272-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5256-279-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/3692-280-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/2908-278-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5220-276-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5480-282-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1764-283-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5652-285-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/1080-284-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5468-281-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5240-275-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/468-274-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5748-286-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5892-291-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6028-295-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/6004-294-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5904-293-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5256-292-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5828-290-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5220-289-0x0000000000400000-0x000000000041D000-memory.dmp	upx
behavioral2/memory/5240-288-0x0000000000400000-0x000000000041D000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	5565a9804472204e104e617fe23de090N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\H:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\I:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\J:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\T:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Y:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\A:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\O:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\S:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Z:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\L:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\M:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\N:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\Q:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\R:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\U:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\X:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\B:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\E:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\K:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\P:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\V:	5565a9804472204e104e617fe23de090N.exe
File opened (read-only)	\??\W:	5565a9804472204e104e617fe23de090N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\Temp\lesbian sleeping gorgeoushorny .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore uncut boots .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\sperm [milf] feet 40+ (Karin).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\gay uncut blondie .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse sleeping glans fishy .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\indian action sperm several models cock black hairunshaved (Jade).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian gang bang bukkake girls circumcision (Kathrin,Liz).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\italian nude lingerie [milf] gorgeoushorny .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\american animal horse lesbian .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black animal lingerie [free] hole blondie .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish porn trambling catfight (Samantha).mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\japanese horse sperm lesbian bedroom .zip.exe	5565a9804472204e104e617fe23de090N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\cum gay [milf] titts .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Google\Temp\hardcore several models Ôï .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\black beastiality hardcore sleeping .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\swedish beastiality bukkake full movie pregnant .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Google\Update\Download\horse hidden hole penetration (Samantha).mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\hardcore hot (!) feet .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian cum fucking full movie glans wifey (Karin).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\canadian lingerie girls fishy .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\fucking public .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\xxx [bangbus] sweet (Sonja,Curtney).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\lesbian full movie cock shoes .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Common Files\microsoft shared\danish beastiality horse [free] titts redhair (Samantha).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\american nude hardcore lesbian \Û (Anniston,Liz).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\norwegian bukkake hot (!) cock .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\fucking hidden feet ,Ó .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\dotnet\shared\lesbian masturbation beautyfull .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\lesbian [free] (Sylvia).rar.exe	5565a9804472204e104e617fe23de090N.exe

Drops file in Windows directory 49 IoCs

description	ioc	Process
File created	C:\Windows\security\templates\xxx hot (!) (Melissa).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\danish fetish horse several models Ôï .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\handjob gay hot (!) feet .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\lingerie [free] (Sarah).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Downloaded Program Files\fucking hot (!) titts ìó .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\fucking hidden gorgeoushorny (Ashley,Janette).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish animal bukkake catfight hole .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\horse girls bondage .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\russian kicking trambling lesbian .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\russian cumshot lesbian catfight hotel .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling uncut (Liz).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\japanese horse sperm licking black hairunshaved .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\british beast hidden .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\blowjob full movie glans .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\black gang bang horse [free] hole castration (Curtney).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\tmp\italian beastiality beast girls stockings .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\InputMethod\SHARED\norwegian beast girls .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SoftwareDistribution\Download\bukkake voyeur wifey .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\hardcore voyeur (Samantha).mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\fucking [milf] gorgeoushorny .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\CbsTemp\russian gang bang bukkake public .rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\gang bang lesbian [milf] titts .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\norwegian fucking [bangbus] fishy .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\bukkake uncut young (Britney,Curtney).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\trambling hot (!) (Sarah).rar.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american cumshot horse masturbation (Jade).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\temp\brasilian beastiality lingerie big latex .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\horse several models stockings .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\brasilian animal lesbian public glans .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\beast [milf] glans sm (Jade).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish handjob trambling big cock (Britney,Karin).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish handjob beast uncut glans mistress .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\animal trambling lesbian feet beautyfull (Samantha).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\mssrv.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\gay hidden ¼ë .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\indian nude horse lesbian glans .mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\brasilian horse bukkake full movie cock .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\danish beastiality xxx lesbian .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\russian nude fucking several models hole swallow .mpeg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\indian fetish sperm [milf] (Karin).mpg.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\fucking [milf] YEâPSè& .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\blowjob [milf] YEâPSè& .avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\PLA\Templates\fucking hot (!) .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\hardcore lesbian hole wifey (Melissa).zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian cum fucking hidden sweet .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\american fetish bukkake full movie cock stockings .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\british gay hidden hole traffic .zip.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\asian horse hot (!) cock girly (Tatjana).avi.exe	5565a9804472204e104e617fe23de090N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\spanish lingerie hot (!) fishy .zip.exe	5565a9804472204e104e617fe23de090N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 36 IoCs

pid	Process
3652	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
1044	5565a9804472204e104e617fe23de090N.exe
1044	5565a9804472204e104e617fe23de090N.exe
1524	5565a9804472204e104e617fe23de090N.exe
1524	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
2012	5565a9804472204e104e617fe23de090N.exe
2012	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
4048	5565a9804472204e104e617fe23de090N.exe
4048	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
4544	5565a9804472204e104e617fe23de090N.exe
4544	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
3652	5565a9804472204e104e617fe23de090N.exe
1044	5565a9804472204e104e617fe23de090N.exe
1044	5565a9804472204e104e617fe23de090N.exe
3152	5565a9804472204e104e617fe23de090N.exe
3152	5565a9804472204e104e617fe23de090N.exe
1524	5565a9804472204e104e617fe23de090N.exe
1524	5565a9804472204e104e617fe23de090N.exe
1328	5565a9804472204e104e617fe23de090N.exe
1328	5565a9804472204e104e617fe23de090N.exe
1628	5565a9804472204e104e617fe23de090N.exe
1628	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe
1408	5565a9804472204e104e617fe23de090N.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 3652 wrote to memory of 1408	3652	5565a9804472204e104e617fe23de090N.exe	86
PID 3652 wrote to memory of 1408	3652	5565a9804472204e104e617fe23de090N.exe	86
PID 3652 wrote to memory of 1408	3652	5565a9804472204e104e617fe23de090N.exe	86
PID 1408 wrote to memory of 1044	1408	5565a9804472204e104e617fe23de090N.exe	87
PID 1408 wrote to memory of 1044	1408	5565a9804472204e104e617fe23de090N.exe	87
PID 1408 wrote to memory of 1044	1408	5565a9804472204e104e617fe23de090N.exe	87
PID 3652 wrote to memory of 1524	3652	5565a9804472204e104e617fe23de090N.exe	88
PID 3652 wrote to memory of 1524	3652	5565a9804472204e104e617fe23de090N.exe	88
PID 3652 wrote to memory of 1524	3652	5565a9804472204e104e617fe23de090N.exe	88
PID 1408 wrote to memory of 2012	1408	5565a9804472204e104e617fe23de090N.exe	89
PID 1408 wrote to memory of 2012	1408	5565a9804472204e104e617fe23de090N.exe	89
PID 1408 wrote to memory of 2012	1408	5565a9804472204e104e617fe23de090N.exe	89
PID 3652 wrote to memory of 4048	3652	5565a9804472204e104e617fe23de090N.exe	90
PID 3652 wrote to memory of 4048	3652	5565a9804472204e104e617fe23de090N.exe	90
PID 3652 wrote to memory of 4048	3652	5565a9804472204e104e617fe23de090N.exe	90
PID 1044 wrote to memory of 4544	1044	5565a9804472204e104e617fe23de090N.exe	91
PID 1044 wrote to memory of 4544	1044	5565a9804472204e104e617fe23de090N.exe	91
PID 1044 wrote to memory of 4544	1044	5565a9804472204e104e617fe23de090N.exe	91
PID 1524 wrote to memory of 3152	1524	5565a9804472204e104e617fe23de090N.exe	92
PID 1524 wrote to memory of 3152	1524	5565a9804472204e104e617fe23de090N.exe	92
PID 1524 wrote to memory of 3152	1524	5565a9804472204e104e617fe23de090N.exe	92
PID 1408 wrote to memory of 1328	1408	5565a9804472204e104e617fe23de090N.exe	93
PID 1408 wrote to memory of 1328	1408	5565a9804472204e104e617fe23de090N.exe	93
PID 1408 wrote to memory of 1328	1408	5565a9804472204e104e617fe23de090N.exe	93
PID 2012 wrote to memory of 1628	2012	5565a9804472204e104e617fe23de090N.exe	94
PID 2012 wrote to memory of 1628	2012	5565a9804472204e104e617fe23de090N.exe	94
PID 2012 wrote to memory of 1628	2012	5565a9804472204e104e617fe23de090N.exe	94
PID 3652 wrote to memory of 4196	3652	5565a9804472204e104e617fe23de090N.exe	95
PID 3652 wrote to memory of 4196	3652	5565a9804472204e104e617fe23de090N.exe	95
PID 3652 wrote to memory of 4196	3652	5565a9804472204e104e617fe23de090N.exe	95
PID 1044 wrote to memory of 1484	1044	5565a9804472204e104e617fe23de090N.exe	96
PID 1044 wrote to memory of 1484	1044	5565a9804472204e104e617fe23de090N.exe	96
PID 1044 wrote to memory of 1484	1044	5565a9804472204e104e617fe23de090N.exe	96
PID 1524 wrote to memory of 4368	1524	5565a9804472204e104e617fe23de090N.exe	97
PID 1524 wrote to memory of 4368	1524	5565a9804472204e104e617fe23de090N.exe	97
PID 1524 wrote to memory of 4368	1524	5565a9804472204e104e617fe23de090N.exe	97
PID 4048 wrote to memory of 4752	4048	5565a9804472204e104e617fe23de090N.exe	98
PID 4048 wrote to memory of 4752	4048	5565a9804472204e104e617fe23de090N.exe	98
PID 4048 wrote to memory of 4752	4048	5565a9804472204e104e617fe23de090N.exe	98
PID 4544 wrote to memory of 4528	4544	5565a9804472204e104e617fe23de090N.exe	99
PID 4544 wrote to memory of 4528	4544	5565a9804472204e104e617fe23de090N.exe	99
PID 4544 wrote to memory of 4528	4544	5565a9804472204e104e617fe23de090N.exe	99
PID 3152 wrote to memory of 1108	3152	5565a9804472204e104e617fe23de090N.exe	100
PID 3152 wrote to memory of 1108	3152	5565a9804472204e104e617fe23de090N.exe	100
PID 3152 wrote to memory of 1108	3152	5565a9804472204e104e617fe23de090N.exe	100

C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
"C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3652
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1044
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:468
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5968
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:10412
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        9⤵
        
        PID:22200
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:14444
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:7176
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7776
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:11036
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15796
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21752
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:8988
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9264
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19156
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6912
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:12764
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:18148
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:5792
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13208
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18540
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3604
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6020
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:11752
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16544
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7808
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16612
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10848
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22308
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15420
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21760
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5256
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8436
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11564
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16424
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12660
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18156
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9120
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20348
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12932
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18068
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:1484
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:4832
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6036
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:11496
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15892
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16064
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10856
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22280
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15596
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21736
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8372
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17044
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11504
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16312
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6780
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19476
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9024
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19448
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17796
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4480
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5636
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10088
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22072
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14344
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7064
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14648
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20540
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13280
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2300
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7196
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10000
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20856
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13952
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:20360
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5336
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11780
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16852
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8056
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16368
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15968
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22092
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2012
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1628
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1832
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5748
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:1388
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15560
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:21676
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9984
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22240
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1080
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8040
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:1648
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11104
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15860
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22056
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6324
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17880
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8568
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11948
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2712
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5128
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:8552
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:17052
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16880
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6396
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12388
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:17904
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8720
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:2744
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3692
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6848
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19300
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20164
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12900
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18340
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5948
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10112
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20708
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1040
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7336
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15788
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:21996
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10096
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22132
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:14092
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:208
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1328
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:1188
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7048
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:7856
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9552
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:20688
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13304
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18664
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:11404
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16348
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:3856
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4500
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11260
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16172
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22812
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3212
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7348
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14556
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13024
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10068
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20836
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13876
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:20412
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17432
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7792
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14788
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10648
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22232
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:20724
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:3408
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4492
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6856
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13172
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19292
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:1640
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13180
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19308
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10452
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22148
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7124
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16668
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10808
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22048
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:2908
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6592
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12632
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18052
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18560
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2220
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17688
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:5960
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22184
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13868
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:20368
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:7596
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:460
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10716
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22288
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:15252
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:21144
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1524
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3152
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2092
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:6004
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:10080
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        8⤵
        
        PID:22124
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:13944
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:20404
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:16028
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22100
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:15984
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14524
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21252
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5480
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9056
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:19460
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:12624
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18112
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6924
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:18748
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8996
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:5728
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19276
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:1696
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5808
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9804
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:9400
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13556
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:19728
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7356
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15712
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21908
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9692
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21052
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6352
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:16900
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16512
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6488
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12500
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18244
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8852
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17896
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:3504
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17872
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:2448
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5904
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10124
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22064
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14104
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20108
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7412
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15472
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:13680
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22208
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13400
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6380
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5240
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8908
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9008
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13076
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19164
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18236
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:2468
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17888
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:660
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:9876
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13572
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:19844
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7272
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15000
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:20700
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:9944
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10488
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13608
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:19972
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:2344
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8456
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17092
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:16568
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6312
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:18128
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:8516
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17696
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:11760
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:16736
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4048
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4752
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:972
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5892
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:10104
        
        C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        7⤵
        
        PID:22140
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:14140
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:4876
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:7400
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:15568
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:21744
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10572
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22268
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14832
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8944
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5428
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8668
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:9468
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:13068
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:18756
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:12772
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:412
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8980
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:8772
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:18848
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:956
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5828
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10052
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:20716
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14356
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:20116
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7380
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:16560
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10396
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22224
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:14484
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7712
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:1396
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:4352
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17704
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10248
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:16072
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22252
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6340
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:18120
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:8676
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17676
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:12252
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:17424
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:4196
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:4796
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:10204
      - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        6⤵
        
        PID:22216
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:14020
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:6428
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:15628
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:10816
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:22300
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15604
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:21768
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8544
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:17156
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:12616
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:18140
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:8008
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:5716
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:12940
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:17848
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:2100
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:5652
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
        5⤵
        
        PID:5860
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:13060
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:18948
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:14724
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:8640
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:9668
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22192
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:13332
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:19604
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:1764
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:7564
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:15948
  - - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
      "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
      4⤵
      PID:22108
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:10620
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:14928
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:9360
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:5344
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:11768
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:16860
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:8096
- - C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
    "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
    3⤵
    PID:16696
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:11140
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:15932
- C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe
  "C:\Users\Admin\AppData\Local\Temp\5565a9804472204e104e617fe23de090N.exe"
  2⤵
  PID:22116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\italian cum fucking full movie glans wifey (Karin).avi.exe

Filesize
885KB

MD5
753a23858c462fbad27670837ed3de31

SHA1
bd62ea6164fa7b96ffbf801c8223bfed638197bb

SHA256
f1a0d636ac7425a274626625cf2f4abea1f4a8cd9944f6a65a35eb35f04b562b

SHA512
33965e250b0d40a5825be44036223572498e676f598ba2ab6a81a83013e04477c17f3ecfaa45562cf17a7d35e00ec9a85277bb5bd3ebc87e815ace7cd6c5ba01

Download Submit
memory/468-262-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/468-274-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/660-256-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/956-269-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/956-257-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/972-261-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1044-194-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1044-242-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1080-284-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1328-251-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1328-230-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1408-240-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1408-15-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1484-255-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1484-239-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1524-243-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1524-195-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1764-283-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1832-253-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2012-215-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2012-244-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2092-263-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2448-272-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2908-265-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2908-278-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2996-249-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2996-266-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3152-218-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3152-250-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3212-267-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3408-247-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3604-259-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3604-271-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3652-237-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3652-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3692-280-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-216-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4048-246-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4196-238-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4196-254-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4368-241-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4480-268-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4480-252-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4544-217-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4544-248-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4796-260-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4832-258-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/4832-270-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5220-276-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5220-289-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5240-275-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5240-288-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5256-292-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5256-279-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5468-281-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5480-282-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5652-285-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5748-296-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5748-286-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5816-287-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5816-299-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5828-290-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5892-291-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5892-305-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5904-306-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5904-293-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/5960-308-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6004-294-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6028-295-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6028-312-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6036-311-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6312-300-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6324-316-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6324-301-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6340-302-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6340-317-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6592-307-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6724-333-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6732-309-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6732-334-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6780-310-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6856-313-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6868-339-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/6924-314-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7048-315-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7272-318-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7280-321-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7336-346-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7348-322-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7356-323-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7400-324-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7596-329-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7808-335-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7816-336-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/7848-337-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/8056-338-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download