e2c019f587b4c1e369a69a9c6e667a3d0a788f713bb94b778aeb4f6ca831a3d3

Analysis

max time kernel
10s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 12:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c0767847c3373a0e170818b9c8010f30N.exe
Size

496KB
MD5

c0767847c3373a0e170818b9c8010f30
SHA1

ec31d0adaf144b81065ebaa9ccf5251fa15c6081
SHA256

e2c019f587b4c1e369a69a9c6e667a3d0a788f713bb94b778aeb4f6ca831a3d3
SHA512

06b40206b5370aef5d0f2d64928d8fdf20a74e955d045a6d1cca3d1f96a74340ae8bcc27b312a4d0f1c8b325490662354c31deeb289a5dbdc5ad12e62c9b2e44
SSDEEP

12288:A//vi9B01Gj8+NtqQSd1OWksQme5gcSrtDmt+kFre:2wwVetqQSdVkd5gJ+pM

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 8 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000\Control Panel\International\Geo\Nation	c0767847c3373a0e170818b9c8010f30N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	c0767847c3373a0e170818b9c8010f30N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\L:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\N:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\R:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\P:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\T:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\U:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\W:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\A:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\G:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\I:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\K:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\Y:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\V:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\O:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\Q:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\S:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\X:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\B:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\E:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\H:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\M:	c0767847c3373a0e170818b9c8010f30N.exe
File opened (read-only)	\??\Z:	c0767847c3373a0e170818b9c8010f30N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\german horse sleeping leather (Britney).mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black xxx horse catfight legs boots .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\horse [bangbus] hairy .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beastiality hardcore public balls .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian sperm gang bang licking feet .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\hardcore hot (!) ash girly .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\danish kicking sperm licking bedroom .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\System32\DriverStore\Temp\spanish fucking full movie (Melissa).mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian fetish [bangbus] cock ash .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\indian beastiality public fishy .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\swedish bukkake horse catfight boots (Kathrin,Sonja).avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\swedish hardcore horse [free] cock circumcision .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\beast xxx voyeur black hairunshaved .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse porn catfight shower .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\spanish beast [free] nipples YEâPSè& (Britney).zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\black gay [milf] sm .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Google\Update\Download\spanish xxx catfight wifey .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\chinese horse full movie .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\trambling hardcore voyeur .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Common Files\microsoft shared\horse several models bedroom .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm gang bang full movie cock femdom .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish animal hot (!) .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\animal lesbian girly (Sonja).mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\british hardcore [free] young .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\indian kicking several models beautyfull .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files (x86)\Google\Temp\indian lesbian fucking big castration .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\dotnet\shared\swedish beastiality hardcore hidden legs lady (Kathrin).mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\swedish fetish hot (!) ash boots .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\american handjob [milf] legs (Christine).avi.exe	c0767847c3373a0e170818b9c8010f30N.exe

Drops file in Windows directory 28 IoCs

description	ioc	Process
File created	C:\Windows\SoftwareDistribution\Download\french beastiality porn hot (!) vagina ejaculation .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\temp\danish beastiality kicking several models balls (Samantha).mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\italian fetish cumshot hot (!) legs mature (Ashley,Jenna).zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\CbsTemp\gay public glans circumcision .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\InputMethod\SHARED\tyrkish lesbian [bangbus] upskirt .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish hardcore [bangbus] lady .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\xxx horse several models circumcision .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\PLA\Templates\trambling gang bang hot (!) .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\cum sperm [milf] blondie .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\cum several models ¼ë .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\british horse public circumcision .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking masturbation .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish sperm beastiality [milf] ash upskirt (Melissa,Sonja).mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\security\templates\animal beast lesbian titts mistress .zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\horse cumshot licking blondie .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\british hardcore sperm [bangbus] nipples (Jade,Gina).mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\african sperm gang bang hidden boots .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese trambling several models .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\Downloaded Program Files\chinese xxx cum catfight .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french gay horse licking legs 50+ (Curtney,Samantha).zip.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\norwegian hardcore licking (Jade).mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\danish blowjob masturbation black hairunshaved .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\beast sperm sleeping nipples boots .avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\brasilian lingerie hot (!) femdom .rar.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\beastiality horse [free] lady (Melissa,Gina).avi.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\horse [milf] cock .mpg.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\mssrv.exe	c0767847c3373a0e170818b9c8010f30N.exe
File created	C:\Windows\assembly\tmp\african trambling beastiality voyeur shoes .mpeg.exe	c0767847c3373a0e170818b9c8010f30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
1076	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
1648	c0767847c3373a0e170818b9c8010f30N.exe
1648	c0767847c3373a0e170818b9c8010f30N.exe
2836	c0767847c3373a0e170818b9c8010f30N.exe
2836	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe
4012	c0767847c3373a0e170818b9c8010f30N.exe
4012	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
1076	c0767847c3373a0e170818b9c8010f30N.exe
2776	c0767847c3373a0e170818b9c8010f30N.exe
2776	c0767847c3373a0e170818b9c8010f30N.exe
1648	c0767847c3373a0e170818b9c8010f30N.exe
1648	c0767847c3373a0e170818b9c8010f30N.exe
3944	c0767847c3373a0e170818b9c8010f30N.exe
3944	c0767847c3373a0e170818b9c8010f30N.exe
1068	c0767847c3373a0e170818b9c8010f30N.exe
1068	c0767847c3373a0e170818b9c8010f30N.exe
2836	c0767847c3373a0e170818b9c8010f30N.exe
2836	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe
4908	c0767847c3373a0e170818b9c8010f30N.exe

Suspicious use of WriteProcessMemory 45 IoCs

description	pid	Process	procid_target
PID 1076 wrote to memory of 4908	1076	c0767847c3373a0e170818b9c8010f30N.exe	87
PID 1076 wrote to memory of 4908	1076	c0767847c3373a0e170818b9c8010f30N.exe	87
PID 1076 wrote to memory of 4908	1076	c0767847c3373a0e170818b9c8010f30N.exe	87
PID 1076 wrote to memory of 1648	1076	c0767847c3373a0e170818b9c8010f30N.exe	88
PID 1076 wrote to memory of 1648	1076	c0767847c3373a0e170818b9c8010f30N.exe	88
PID 1076 wrote to memory of 1648	1076	c0767847c3373a0e170818b9c8010f30N.exe	88
PID 4908 wrote to memory of 2836	4908	c0767847c3373a0e170818b9c8010f30N.exe	89
PID 4908 wrote to memory of 2836	4908	c0767847c3373a0e170818b9c8010f30N.exe	89
PID 4908 wrote to memory of 2836	4908	c0767847c3373a0e170818b9c8010f30N.exe	89
PID 1076 wrote to memory of 4012	1076	c0767847c3373a0e170818b9c8010f30N.exe	90
PID 1076 wrote to memory of 4012	1076	c0767847c3373a0e170818b9c8010f30N.exe	90
PID 1076 wrote to memory of 4012	1076	c0767847c3373a0e170818b9c8010f30N.exe	90
PID 1648 wrote to memory of 2776	1648	c0767847c3373a0e170818b9c8010f30N.exe	91
PID 1648 wrote to memory of 2776	1648	c0767847c3373a0e170818b9c8010f30N.exe	91
PID 1648 wrote to memory of 2776	1648	c0767847c3373a0e170818b9c8010f30N.exe	91
PID 2836 wrote to memory of 1068	2836	c0767847c3373a0e170818b9c8010f30N.exe	92
PID 2836 wrote to memory of 1068	2836	c0767847c3373a0e170818b9c8010f30N.exe	92
PID 2836 wrote to memory of 1068	2836	c0767847c3373a0e170818b9c8010f30N.exe	92
PID 4908 wrote to memory of 3944	4908	c0767847c3373a0e170818b9c8010f30N.exe	93
PID 4908 wrote to memory of 3944	4908	c0767847c3373a0e170818b9c8010f30N.exe	93
PID 4908 wrote to memory of 3944	4908	c0767847c3373a0e170818b9c8010f30N.exe	93
PID 4012 wrote to memory of 4996	4012	c0767847c3373a0e170818b9c8010f30N.exe	94
PID 4012 wrote to memory of 4996	4012	c0767847c3373a0e170818b9c8010f30N.exe	94
PID 4012 wrote to memory of 4996	4012	c0767847c3373a0e170818b9c8010f30N.exe	94
PID 1076 wrote to memory of 3308	1076	c0767847c3373a0e170818b9c8010f30N.exe	95
PID 1076 wrote to memory of 3308	1076	c0767847c3373a0e170818b9c8010f30N.exe	95
PID 1076 wrote to memory of 3308	1076	c0767847c3373a0e170818b9c8010f30N.exe	95
PID 1648 wrote to memory of 4324	1648	c0767847c3373a0e170818b9c8010f30N.exe	96
PID 1648 wrote to memory of 4324	1648	c0767847c3373a0e170818b9c8010f30N.exe	96
PID 1648 wrote to memory of 4324	1648	c0767847c3373a0e170818b9c8010f30N.exe	96
PID 2776 wrote to memory of 1480	2776	c0767847c3373a0e170818b9c8010f30N.exe	97
PID 2776 wrote to memory of 1480	2776	c0767847c3373a0e170818b9c8010f30N.exe	97
PID 2776 wrote to memory of 1480	2776	c0767847c3373a0e170818b9c8010f30N.exe	97
PID 2836 wrote to memory of 1224	2836	c0767847c3373a0e170818b9c8010f30N.exe	98
PID 2836 wrote to memory of 1224	2836	c0767847c3373a0e170818b9c8010f30N.exe	98
PID 2836 wrote to memory of 1224	2836	c0767847c3373a0e170818b9c8010f30N.exe	98
PID 4908 wrote to memory of 4468	4908	c0767847c3373a0e170818b9c8010f30N.exe	99
PID 4908 wrote to memory of 4468	4908	c0767847c3373a0e170818b9c8010f30N.exe	99
PID 4908 wrote to memory of 4468	4908	c0767847c3373a0e170818b9c8010f30N.exe	99
PID 1068 wrote to memory of 3680	1068	c0767847c3373a0e170818b9c8010f30N.exe	100
PID 1068 wrote to memory of 3680	1068	c0767847c3373a0e170818b9c8010f30N.exe	100
PID 1068 wrote to memory of 3680	1068	c0767847c3373a0e170818b9c8010f30N.exe	100
PID 3944 wrote to memory of 3508	3944	c0767847c3373a0e170818b9c8010f30N.exe	101
PID 3944 wrote to memory of 3508	3944	c0767847c3373a0e170818b9c8010f30N.exe	101
PID 3944 wrote to memory of 3508	3944	c0767847c3373a0e170818b9c8010f30N.exe	101

C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
"C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1076
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2836
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1068
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:3680
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:6068
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        8⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        8⤵
        
        PID:14680
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        8⤵
        
        PID:18988
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:11216
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:14968
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:5468
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:8644
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        8⤵
        
        PID:11432
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:12116
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:14568
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:6932
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:12596
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:18272
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:9140
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:13768
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8916
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:4552
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:6024
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:10268
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:14624
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:7952
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:18584
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11120
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15404
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5316
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11700
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15676
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6564
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11368
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15652
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:17716
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:1224
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:5824
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:10440
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:14664
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:7484
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:3968
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:10700
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14740
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5488
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:9604
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:13612
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:7872
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:12128
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:17436
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8960
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8652
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:17684
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:2036
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5796
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:10276
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14632
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:7512
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:17644
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10800
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14960
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:3248
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11656
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15588
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6224
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11728
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15636
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8020
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:18576
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11112
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:15736
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3944
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:3508
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:3684
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8000
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:5136
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11208
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15420
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:9244
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:12560
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:18108
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6912
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:17452
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8824
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:17876
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:2604
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5876
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:9496
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:13620
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:7540
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10792
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14912
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9488
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:13784
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9016
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6608
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11352
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15532
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:12296
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:18064
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:4692
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5968
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:10500
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14672
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:7636
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:17892
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10896
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5444
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8748
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12032
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6884
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11956
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8836
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:12588
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:18264
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:3032
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5944
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9424
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:13468
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7860
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:1204
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10924
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14944
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:2540
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7556
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:2396
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11004
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14952
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:6328
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10644
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14776
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:2792
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:11360
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:15556
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1648
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2776
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:1480
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:4844
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:5816
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:9432
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:13636
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:9384
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:7464
        
        C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        7⤵
        
        PID:17388
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14688
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8608
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11636
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15580
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6716
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11516
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15768
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8692
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12240
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:4936
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8596
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11508
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15548
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6632
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:12680
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:18288
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8664
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:18980
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12052
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:1028
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:1080
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12108
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:17444
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6292
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10628
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14784
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:1584
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11344
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:15540
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4324
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5804
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:9960
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14504
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:7188
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:16904
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9408
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:13444
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:19108
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8616
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11464
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11532
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15668
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6736
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15572
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:12568
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:18116
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:3564
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5684
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9804
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14080
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:9812
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10856
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4676
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7680
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:4040
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10996
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:15176
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:6300
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10676
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14792
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:8332
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11396
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:11492
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:15660
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4012
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4996
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:3096
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:8572
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11540
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15644
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6464
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:10652
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:14704
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8460
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11524
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15684
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5100
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:7408
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10284
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:14644
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6084
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10684
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15112
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:4960
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11196
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:15412
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4564
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:4556
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:11128
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:18996
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11644
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15760
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:9416
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:13776
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:10480
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:15316
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:7596
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10888
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14920
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14696
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:7824
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:17860
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:10916
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:14936
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:3308
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:1772
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:8632
      - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        6⤵
        
        PID:19232
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:11500
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:15724
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:12748
    - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
        5⤵
        
        PID:18280
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:9400
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:19096
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:628
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8624
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11948
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:16436
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:5992
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:9504
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:13628
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:19396
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:7644
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:640
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:11020
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:15168
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:3412
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:384
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:8496
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11912
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:16476
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:6192
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:14656
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:7980
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:5144
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:11336
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:15564
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:184
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:11964
  - - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
      "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
      4⤵
      PID:17460
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:8700
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:12500
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:17868
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:5848
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:9464
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:13460
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:19076
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:7476
- - C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
    "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
    3⤵
    PID:17776
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:10692
- C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe
  "C:\Users\Admin\AppData\Local\Temp\c0767847c3373a0e170818b9c8010f30N.exe"
  2⤵
  PID:14748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\sperm gang bang full movie cock femdom .avi.exe

Filesize
472KB

MD5
46d95677edb6dab75f364522ba80e27e

SHA1
6e3ca87c87672076fa86ac35edb2f9923f5bfcf5

SHA256
a76a0b5db840b697e6beaf5adf0e7f04fe200d370ce9c82c44c9b16a42f4f2d2

SHA512
6ab4f7fd6a8dcecc808ace1dfa97fd828b8557b7569206dda445f3c1d2109a105631f95fb7c636ebbbabf2a03c4546ad1d6c07052227c74a1f6ca0508a430c08

Download Submit