6a68438da02e30680da0b8dfad312432307c4f6bb3edd3fc895f2a3a737b7b3b

Analysis

max time kernel
16s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 07:48

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Size

1.3MB
MD5

68cff64b3554b6a7b87fb0788b0d7fa0
SHA1

79cfce2c4e704302f9debb5131498d8194689a33
SHA256

6a68438da02e30680da0b8dfad312432307c4f6bb3edd3fc895f2a3a737b7b3b
SHA512

1e53ee3baf2671d22e65611eb928ca741470f8310f02bc8c22a4a10899607b234f77da99135114572b9005a572a46627da907d617efc43f5d6ea89d647100cdd
SSDEEP

24576:oWZhtcO3H1U/4KpItrdOwZmBwlu56c4NZhL9zbSKU8yEY:VF1XS/4KIJOwZmBGuP4NZzXVY

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\O:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\T:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\Z:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\E:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\N:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\P:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\R:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\W:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\I:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\L:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\J:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\M:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\U:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\A:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\H:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\K:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\Q:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\S:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\V:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\X:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\Y:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\B:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File opened (read-only)	\??\G:	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\japanese cum trambling [free] stockings .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\System32\DriverStore\Temp\fucking voyeur cock .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish animal fucking full movie glans (Anniston,Sylvia).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian uncut cock shoes .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\swedish horse blowjob [free] gorgeoushorny .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast [bangbus] fishy .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese fetish horse uncut (Karin).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish fetish lesbian girls glans swallow .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\lesbian public balls .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\russian cum horse uncut bedroom .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish action lingerie several models hole femdom .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian kicking beast sleeping cock shoes (Samantha).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\trambling uncut balls (Jenna,Sylvia).avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian fetish bukkake girls feet .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese action horse catfight bondage .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\indian nude hardcore [free] .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\dotnet\shared\tyrkish kicking fucking hot (!) feet blondie (Samantha).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian beastiality horse licking hole .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian animal lesbian voyeur (Janette).avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\italian kicking beast uncut (Sylvia).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\black cumshot xxx big .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\horse sleeping (Jade).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Common Files\microsoft shared\lesbian public .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\swedish gang bang hardcore catfight shower .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\blowjob hot (!) upskirt .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\japanese cum hardcore catfight upskirt .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\blowjob several models (Sylvia).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\malaysia lingerie masturbation (Tatjana).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\tyrkish nude lingerie full movie glans bondage (Jade).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\bukkake [bangbus] beautyfull (Sonja,Janette).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\asian gay uncut glans swallow .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\fucking [free] cock .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\african gay licking balls .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p..al-securitytemplate_31bf3856ad364e35_10.0.19041.1_none_a3d9a07cf2290837\canadian xxx girls upskirt .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish gang bang lesbian voyeur bondage .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\american horse horse catfight hole YEâPSè& .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\tyrkish cumshot fucking public feet high heels .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\cumshot sperm several models (Tatjana).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\trambling catfight (Curtney).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\action blowjob uncut cock .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_en-us_e5f85095c4bc5d16\beastiality sperm sleeping wifey (Jenna,Liz).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\InputMethod\SHARED\xxx voyeur high heels .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\black action hardcore [bangbus] shower .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\canadian beast sleeping blondie .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\canadian hardcore [bangbus] sweet .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black animal lingerie voyeur latex .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\lingerie girls hole .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\horse big (Curtney).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\malaysia fucking several models titts (Jenna,Tatjana).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\italian action horse [bangbus] fishy .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\assembly\temp\beast lesbian feet (Anniston,Melissa).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SoftwareDistribution\Download\beast full movie titts .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\italian porn fucking licking (Melissa).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\lesbian [free] titts .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\canadian blowjob masturbation upskirt .rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\sperm [milf] .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\action fucking girls lady .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\CbsTemp\blowjob sleeping feet gorgeoushorny .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\lingerie [bangbus] (Samantha).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\swedish handjob horse licking feet 50+ (Sarah).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\african blowjob voyeur .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\spanish xxx [free] .mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\cum gay masturbation hole hairy (Samantha).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\handjob blowjob several models titts granny (Tatjana).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\tyrkish cum trambling public .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared_31bf3856ad364e35_10.0.19041.1_none_bd731e5b85dd203e\spanish beast masturbation hole traffic .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\mssrv.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\bukkake voyeur wifey .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\xxx [free] .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\american cum lingerie licking high heels (Sonja,Tatjana).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\asian beast voyeur Ôï .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\russian animal lingerie voyeur hole high heels (Jade).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_14c898cc82025c76\nude hardcore big (Sylvia).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-p2p-pnrp-adm_31bf3856ad364e35_10.0.19041.1_none_ae957c4c35a7bf73\asian sperm masturbation (Sarah).avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\german xxx voyeur boots .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\cum gay lesbian titts gorgeoushorny .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\chinese beast full movie hole .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\asian beast voyeur (Curtney).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\blowjob full movie .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\blowjob sleeping (Tatjana).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\danish cum lingerie full movie titts sweet (Melissa).mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\bukkake full movie (Curtney).rar.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\cumshot horse masturbation titts .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\norwegian lesbian catfight girly .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\lesbian [bangbus] (Sarah).avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\malaysia bukkake masturbation lady .mpeg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\american nude xxx [bangbus] titts (Sonja,Liz).avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\blowjob catfight glans swallow .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\american gang bang lingerie licking (Sylvia).zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\PLA\Templates\lingerie uncut .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\swedish kicking bukkake big feet stockings (Karin).mpg.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\bukkake several models black hairunshaved .zip.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\british horse voyeur titts .avi.exe	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1960	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1960	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1468	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1468	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
5012	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
5012	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4792	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4792	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1324	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1324	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4408	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4408	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3260	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
3260	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4760	68cff64b3554b6a7b87fb0788b0d7fa0N.exe
4760	68cff64b3554b6a7b87fb0788b0d7fa0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 3812	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	87
PID 1736 wrote to memory of 3812	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	87
PID 1736 wrote to memory of 3812	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	87
PID 3812 wrote to memory of 2024	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	92
PID 3812 wrote to memory of 2024	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	92
PID 3812 wrote to memory of 2024	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	92
PID 1736 wrote to memory of 2432	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	93
PID 1736 wrote to memory of 2432	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	93
PID 1736 wrote to memory of 2432	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	93
PID 2024 wrote to memory of 3940	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	94
PID 2024 wrote to memory of 3940	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	94
PID 2024 wrote to memory of 3940	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	94
PID 3812 wrote to memory of 4876	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	95
PID 3812 wrote to memory of 4876	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	95
PID 3812 wrote to memory of 4876	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	95
PID 2432 wrote to memory of 3364	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	96
PID 2432 wrote to memory of 3364	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	96
PID 2432 wrote to memory of 3364	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	96
PID 1736 wrote to memory of 2524	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	97
PID 1736 wrote to memory of 2524	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	97
PID 1736 wrote to memory of 2524	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	97
PID 2024 wrote to memory of 5012	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	99
PID 2024 wrote to memory of 5012	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	99
PID 2024 wrote to memory of 5012	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	99
PID 2432 wrote to memory of 1960	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	100
PID 2432 wrote to memory of 1960	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	100
PID 2432 wrote to memory of 1960	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	100
PID 3812 wrote to memory of 1468	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	101
PID 3812 wrote to memory of 1468	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	101
PID 3812 wrote to memory of 1468	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	101
PID 1736 wrote to memory of 4792	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	102
PID 1736 wrote to memory of 4792	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	102
PID 1736 wrote to memory of 4792	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	102
PID 3940 wrote to memory of 1324	3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	103
PID 3940 wrote to memory of 1324	3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	103
PID 3940 wrote to memory of 1324	3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	103
PID 3364 wrote to memory of 4408	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	104
PID 3364 wrote to memory of 4408	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	104
PID 3364 wrote to memory of 4408	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	104
PID 4876 wrote to memory of 4736	4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	105
PID 4876 wrote to memory of 4736	4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	105
PID 4876 wrote to memory of 4736	4876	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	105
PID 2524 wrote to memory of 3260	2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	106
PID 2524 wrote to memory of 3260	2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	106
PID 2524 wrote to memory of 3260	2524	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	106
PID 2024 wrote to memory of 4760	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	108
PID 2024 wrote to memory of 4760	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	108
PID 2024 wrote to memory of 4760	2024	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	108
PID 2432 wrote to memory of 3144	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	109
PID 2432 wrote to memory of 3144	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	109
PID 2432 wrote to memory of 3144	2432	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	109
PID 3812 wrote to memory of 4396	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	110
PID 3812 wrote to memory of 4396	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	110
PID 3812 wrote to memory of 4396	3812	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	110
PID 1736 wrote to memory of 2436	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	111
PID 1736 wrote to memory of 2436	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	111
PID 1736 wrote to memory of 2436	1736	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	111
PID 1960 wrote to memory of 4712	1960	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	112
PID 1960 wrote to memory of 4712	1960	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	112
PID 1960 wrote to memory of 4712	1960	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	112
PID 3364 wrote to memory of 4984	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	113
PID 3364 wrote to memory of 4984	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	113
PID 3364 wrote to memory of 4984	3364	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	113
PID 3940 wrote to memory of 4820	3940	68cff64b3554b6a7b87fb0788b0d7fa0N.exe	114

C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
"C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3812
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2024
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1324
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:5392
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:10000
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        9⤵
        
        PID:11600
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:13608
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        9⤵
        
        PID:7708
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:7516
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:15100
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:14600
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:10108
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:7136
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:13668
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:3736
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:5164
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:7688
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:15024
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:17424
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:15208
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:1624
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:6664
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:11804
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17308
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:8684
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:6036
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12200
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17576
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:6040
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:9992
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:12952
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17136
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:22776
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:15296
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:3476
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10100
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:11460
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:13600
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:4728
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:23344
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:5204
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9276
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:10192
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12576
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3524
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6772
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12588
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3300
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8812
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10508
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:1260
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17544
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4288
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:6276
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:9976
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:12936
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17128
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:23196
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7620
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:14916
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17416
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10092
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:13616
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17844
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:5148
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:8208
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:15408
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17368
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:22568
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:11388
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:16000
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17384
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6688
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:11812
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17640
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10840
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9568
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17504
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4760
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9628
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12756
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17276
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22536
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7668
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15664
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:1576
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22608
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10736
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:3140
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9652
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:5820
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:13488
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8928
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:20192
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4876
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4736
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4328
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:5372
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:17432
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:23204
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:14952
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:1672
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10116
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:13584
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:852
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:5156
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:8544
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:5568
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:11664
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6656
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12728
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:1424
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:20712
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17592
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6064
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9660
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:7664
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12768
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17856
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7548
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15060
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10048
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5196
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8552
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7996
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11680
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17672
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6712
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11792
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17648
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8804
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:20720
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11512
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17560
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1468
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4640
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9476
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:5952
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12848
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17148
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15040
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17176
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10056
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:13480
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17836
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5172
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:4528
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17892
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17632
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:19832
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12412
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17472
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:4396
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9764
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12944
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:16060
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:7572
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15288
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4036
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:23336
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:10032
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:13496
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17300
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:9452
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:19316
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12928
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17864
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:6812
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11776
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17656
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:9000
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8184
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:12188
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17456
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2432
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3364
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4408
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:9776
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:17356
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        8⤵
        
        PID:22560
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:12884
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:22736
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7588
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:1912
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:10124
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:13772
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:5132
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7280
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:14500
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:1976
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9968
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12348
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17268
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:6472
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:11372
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15992
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17400
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22576
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8396
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17680
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4984
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6004
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9636
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12704
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:4476
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22760
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7500
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15076
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22552
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10016
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12912
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4360
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5212
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8560
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:6160
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17688
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6696
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11848
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17624
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:9040
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:20332
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12300
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17488
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1960
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4712
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12892
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3504
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:22948
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:14960
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10024
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:13632
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:3904
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:23144
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5220
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9468
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:5896
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:64
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6792
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:11896
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17616
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:9056
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7484
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4256
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:3144
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6080
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9736
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:5996
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:16212
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:7492
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:14968
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:10008
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12988
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17440
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5244
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8568
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7752
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12192
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17584
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:6848
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12036
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17528
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11196
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:12736
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:3556
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:22792
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3260
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:3840
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:6072
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:9756
        
        C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        7⤵
        
        PID:548
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:17192
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15092
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3988
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:10708
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17820
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:7676
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:15320
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:8664
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:468
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6784
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17324
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8820
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12320
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:988
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6124
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9984
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:7744
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:22924
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15016
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17284
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:10140
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17828
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:2740
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17376
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:22584
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11548
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:16020
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17392
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:22744
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17316
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:22600
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6092
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:12244
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17568
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4792
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6140
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:9644
      - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        6⤵
        
        PID:8360
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:12712
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:17156
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:23136
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:7592
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15084
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:4176
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:10132
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:13592
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4908
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5180
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:8120
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:15400
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:432
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11068
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:15984
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:4416
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:22752
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:6704
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:11840
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17168
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:8748
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:6284
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:11648
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17552
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:2436
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:9940
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:3720
    - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
        5⤵
        
        PID:22592
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:12920
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17164
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:22768
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:7580
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:15312
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:17292
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:22544
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:10040
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:12636
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17448
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:5228
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:8576
  - - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
      "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
      4⤵
      PID:20204
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:11856
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17608
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:6864
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:12100
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:17600
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:9064
- - C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
    "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
    3⤵
    PID:5648
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:12292
- C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe
  "C:\Users\Admin\AppData\Local\Temp\68cff64b3554b6a7b87fb0788b0d7fa0N.exe"
  2⤵
  PID:17496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian beastiality horse licking hole .mpeg.exe

Filesize
1.5MB

MD5
9fdd90e6de90bdb01d214294ef14ddce

SHA1
56b8298407bd97f3406578f58ce4fcf711b7e36a

SHA256
617569f59cb5aa318036b7bb5add9b8c7b098208bc572c7a1177e3056a3bd9c5

SHA512
f650e466f46a7998823d8a38c4693ec3a119e7445e5d444d935d999142cdaa8e06651833fcaf87e7700d1a8208e129541411001d9a26a8e1302032dbca1880ba

Download Submit
C:\debug.txt

Filesize
146B

MD5
5d5d1e0ea064ee95377ea3dd3eace3e4

SHA1
1604d06a30b10ecc64f9ead480afd24509ee393c

SHA256
7793b0a7f75fe68a6982cde4ea5e21ae9ac26490b0c0e43db97a55acd811ef34

SHA512
f7fcede7cfa99a6efa901a39a29b1c1f83a0b1361eb6c4253f41b1ab76c2ffd536c372595402182689515808a67be1de604678c88506ec4b3ab3848868afeaf3

Download Submit
memory/988-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1324-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1736-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1916-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1960-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2024-161-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2432-162-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2436-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2440-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2524-184-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3144-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3260-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3364-183-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3940-181-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4288-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4408-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4464-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4640-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4712-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4724-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4736-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4760-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4792-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4876-182-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5132-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5140-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5148-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5164-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5180-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5188-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5212-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5228-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5384-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5392-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6040-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6072-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6100-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6124-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6132-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6140-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6164-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6556-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6664-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6688-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6696-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6784-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6792-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6812-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6824-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6836-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6848-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6864-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7280-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7492-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7548-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7564-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7572-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7580-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7588-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7604-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7620-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7640-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7668-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7676-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7688-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8120-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8208-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8396-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8544-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8552-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8560-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8568-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8576-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8684-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8716-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8728-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8804-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8812-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8820-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8928-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8992-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9000-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9040-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9056-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9064-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9152-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9276-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9452-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9460-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9468-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9476-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9628-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9736-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9756-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9768-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download