d30cd31cf10d15f5b15bf8311fd859884aa1a96b5a6a80e2a027762efedd6277

Analysis

max time kernel
11s
max time network
9s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 05:12

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

65da76bc5d7a21062e883c19d3344450N.exe
Size

1.3MB
MD5

65da76bc5d7a21062e883c19d3344450
SHA1

f15f6c7224be0bacaae91f055c7cb4fba865f45e
SHA256

d30cd31cf10d15f5b15bf8311fd859884aa1a96b5a6a80e2a027762efedd6277
SHA512

e61e3c1be434d4c9c6f35bbfe56cf76621c24de34ba5c841d36bbec30cb97b1c7a7b41c424404ad815f58b58fdcbcd1706715960b1f706ff8c79e2a11bc7d5f5
SSDEEP

24576:oWoiUK+NgAGkUGpkxj9/AJlqVnV+iqmLqPuOmCMnZC+NkPhosB3T1cUBniOrAV0s:VoNPN/pkx9YTlmLqPuOmCMAnT6UFiOMp

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1750093773-264148664-1320403265-1000\Control Panel\International\Geo\Nation	65da76bc5d7a21062e883c19d3344450N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	65da76bc5d7a21062e883c19d3344450N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\P:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\Q:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\U:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\O:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\V:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\W:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\X:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\A:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\B:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\K:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\M:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\Z:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\S:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\T:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\Y:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\E:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\G:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\I:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\L:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\H:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\J:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\N:	65da76bc5d7a21062e883c19d3344450N.exe
File opened (read-only)	\??\R:	65da76bc5d7a21062e883c19d3344450N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\indian nude horse [bangbus] ¼ë .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx cum [milf] hole bondage (Sonja).mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\FxsTmp\malaysia trambling horse masturbation wifey .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse [bangbus] hole .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\spanish cumshot hardcore public .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\animal [milf] .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\british nude lesbian voyeur .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\System32\DriverStore\Temp\german beast beast several models redhair .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\FxsTmp\porn horse sleeping blondie .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob lingerie girls high heels .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black hardcore horse public .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\black kicking hot (!) hotel (Sonja).rar.exe	65da76bc5d7a21062e883c19d3344450N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\spanish fetish handjob hidden upskirt (Jenna,Sylvia).avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\horse cum several models vagina gorgeoushorny .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\gang bang girls boobs high heels (Sandy,Curtney).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\trambling fucking hidden hole .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\tyrkish nude cumshot [free] traffic (Curtney,Melissa).mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Google\Update\Download\russian horse [free] (Christine).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU7A02.tmp\lesbian sperm lesbian stockings (Melissa).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Common Files\microsoft shared\trambling horse sleeping .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\dotnet\shared\trambling [free] latex .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\brasilian fetish catfight .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie horse voyeur hole mistress .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\cumshot animal hot (!) balls .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\nude [milf] ash stockings .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\african hardcore horse voyeur .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Google\Temp\malaysia handjob gang bang lesbian leather .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\horse xxx licking titts sweet .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\nude girls .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\beastiality hot (!) leather .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american gang bang public blondie .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\lingerie porn sleeping .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\indian hardcore handjob lesbian feet young (Anniston).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\malaysia nude several models .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\assembly\temp\american horse xxx [free] sm .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\CbsTemp\malaysia handjob hardcore [free] fishy .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\french horse lingerie catfight glans .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\norwegian sperm [free] nipples .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\spanish gang bang porn big nipples wifey .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\swedish trambling beast licking feet .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\asian horse xxx hidden nipples 50+ .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\brasilian kicking cumshot public stockings (Curtney,Curtney).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\animal beastiality uncut leather (Jade).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\british gay cum [milf] feet shower .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\InputMethod\SHARED\french cumshot bukkake [free] traffic .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\gay horse several models sm .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\blowjob girls legs .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\brasilian gay kicking [milf] penetration .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\kicking gang bang several models mature .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\handjob kicking licking mistress .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\kicking [bangbus] vagina (Jade,Tatjana).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\fucking uncut young .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\Downloaded Program Files\russian gay licking latex .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\danish handjob nude several models .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\danish nude catfight ash .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\bukkake hot (!) .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian cum catfight leather .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\cumshot gang bang big nipples sweet .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\chinese cumshot blowjob licking glans .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\security\templates\beast sleeping femdom (Sonja,Melissa).avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\beastiality hot (!) .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\norwegian cumshot horse [milf] sweet .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\malaysia beast [free] .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian fetish sleeping .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\indian fucking licking .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\mssrv.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot masturbation pregnant (Sandy).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\indian kicking hidden leather .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\cumshot [bangbus] feet (Melissa).mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\british action [free] .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\german kicking horse licking lady .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\spanish lingerie blowjob licking (Christine,Melissa).avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\sperm gay [milf] .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\chinese beast several models legs (Sarah).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\gang bang public .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\french beast [free] vagina .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish horse hidden latex .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\fucking fetish several models .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\nude cum licking upskirt (Ashley).mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\cumshot horse big femdom .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\xxx hidden mature .rar.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\french handjob horse [milf] .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\hardcore beastiality voyeur leather .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\malaysia lesbian action masturbation bondage (Anniston).mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\trambling girls traffic .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\PLA\Templates\indian fucking beast full movie titts latex .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\gay xxx big stockings .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\hardcore uncut latex .mpg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\indian xxx uncut young (Anniston).mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\japanese nude public sweet (Jenna).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\spanish trambling bukkake voyeur hole hairy .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\canadian cum handjob uncut .avi.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\french handjob uncut legs .mpeg.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\italian trambling fucking voyeur young .zip.exe	65da76bc5d7a21062e883c19d3344450N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\asian gay public mature (Sonja,Kathrin).zip.exe	65da76bc5d7a21062e883c19d3344450N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
2740	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
1476	65da76bc5d7a21062e883c19d3344450N.exe
1476	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
756	65da76bc5d7a21062e883c19d3344450N.exe
756	65da76bc5d7a21062e883c19d3344450N.exe
692	65da76bc5d7a21062e883c19d3344450N.exe
692	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
2084	65da76bc5d7a21062e883c19d3344450N.exe
2084	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
2748	65da76bc5d7a21062e883c19d3344450N.exe
2748	65da76bc5d7a21062e883c19d3344450N.exe
2248	65da76bc5d7a21062e883c19d3344450N.exe
2248	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
2740	65da76bc5d7a21062e883c19d3344450N.exe
1476	65da76bc5d7a21062e883c19d3344450N.exe
1476	65da76bc5d7a21062e883c19d3344450N.exe
3316	65da76bc5d7a21062e883c19d3344450N.exe
3316	65da76bc5d7a21062e883c19d3344450N.exe
4604	65da76bc5d7a21062e883c19d3344450N.exe
4604	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
4600	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
3512	65da76bc5d7a21062e883c19d3344450N.exe
3796	65da76bc5d7a21062e883c19d3344450N.exe
3796	65da76bc5d7a21062e883c19d3344450N.exe
3812	65da76bc5d7a21062e883c19d3344450N.exe
3812	65da76bc5d7a21062e883c19d3344450N.exe
4860	65da76bc5d7a21062e883c19d3344450N.exe
4860	65da76bc5d7a21062e883c19d3344450N.exe
756	65da76bc5d7a21062e883c19d3344450N.exe
756	65da76bc5d7a21062e883c19d3344450N.exe
692	65da76bc5d7a21062e883c19d3344450N.exe
692	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
468	65da76bc5d7a21062e883c19d3344450N.exe
416	65da76bc5d7a21062e883c19d3344450N.exe
416	65da76bc5d7a21062e883c19d3344450N.exe
2084	65da76bc5d7a21062e883c19d3344450N.exe
2084	65da76bc5d7a21062e883c19d3344450N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2740 wrote to memory of 3512	2740	65da76bc5d7a21062e883c19d3344450N.exe	86
PID 2740 wrote to memory of 3512	2740	65da76bc5d7a21062e883c19d3344450N.exe	86
PID 2740 wrote to memory of 3512	2740	65da76bc5d7a21062e883c19d3344450N.exe	86
PID 2740 wrote to memory of 4600	2740	65da76bc5d7a21062e883c19d3344450N.exe	87
PID 2740 wrote to memory of 4600	2740	65da76bc5d7a21062e883c19d3344450N.exe	87
PID 2740 wrote to memory of 4600	2740	65da76bc5d7a21062e883c19d3344450N.exe	87
PID 3512 wrote to memory of 468	3512	65da76bc5d7a21062e883c19d3344450N.exe	88
PID 3512 wrote to memory of 468	3512	65da76bc5d7a21062e883c19d3344450N.exe	88
PID 3512 wrote to memory of 468	3512	65da76bc5d7a21062e883c19d3344450N.exe	88
PID 2740 wrote to memory of 1476	2740	65da76bc5d7a21062e883c19d3344450N.exe	93
PID 2740 wrote to memory of 1476	2740	65da76bc5d7a21062e883c19d3344450N.exe	93
PID 2740 wrote to memory of 1476	2740	65da76bc5d7a21062e883c19d3344450N.exe	93
PID 3512 wrote to memory of 756	3512	65da76bc5d7a21062e883c19d3344450N.exe	94
PID 3512 wrote to memory of 756	3512	65da76bc5d7a21062e883c19d3344450N.exe	94
PID 3512 wrote to memory of 756	3512	65da76bc5d7a21062e883c19d3344450N.exe	94
PID 4600 wrote to memory of 692	4600	65da76bc5d7a21062e883c19d3344450N.exe	95
PID 4600 wrote to memory of 692	4600	65da76bc5d7a21062e883c19d3344450N.exe	95
PID 4600 wrote to memory of 692	4600	65da76bc5d7a21062e883c19d3344450N.exe	95
PID 468 wrote to memory of 2084	468	65da76bc5d7a21062e883c19d3344450N.exe	96
PID 468 wrote to memory of 2084	468	65da76bc5d7a21062e883c19d3344450N.exe	96
PID 468 wrote to memory of 2084	468	65da76bc5d7a21062e883c19d3344450N.exe	96
PID 2740 wrote to memory of 2748	2740	65da76bc5d7a21062e883c19d3344450N.exe	97
PID 2740 wrote to memory of 2748	2740	65da76bc5d7a21062e883c19d3344450N.exe	97
PID 2740 wrote to memory of 2748	2740	65da76bc5d7a21062e883c19d3344450N.exe	97
PID 1476 wrote to memory of 2248	1476	65da76bc5d7a21062e883c19d3344450N.exe	98
PID 1476 wrote to memory of 2248	1476	65da76bc5d7a21062e883c19d3344450N.exe	98
PID 1476 wrote to memory of 2248	1476	65da76bc5d7a21062e883c19d3344450N.exe	98
PID 4600 wrote to memory of 3316	4600	65da76bc5d7a21062e883c19d3344450N.exe	99
PID 4600 wrote to memory of 3316	4600	65da76bc5d7a21062e883c19d3344450N.exe	99
PID 4600 wrote to memory of 3316	4600	65da76bc5d7a21062e883c19d3344450N.exe	99
PID 3512 wrote to memory of 4604	3512	65da76bc5d7a21062e883c19d3344450N.exe	100
PID 3512 wrote to memory of 4604	3512	65da76bc5d7a21062e883c19d3344450N.exe	100
PID 3512 wrote to memory of 4604	3512	65da76bc5d7a21062e883c19d3344450N.exe	100
PID 756 wrote to memory of 3796	756	65da76bc5d7a21062e883c19d3344450N.exe	101
PID 756 wrote to memory of 3796	756	65da76bc5d7a21062e883c19d3344450N.exe	101
PID 756 wrote to memory of 3796	756	65da76bc5d7a21062e883c19d3344450N.exe	101
PID 692 wrote to memory of 3812	692	65da76bc5d7a21062e883c19d3344450N.exe	102
PID 692 wrote to memory of 3812	692	65da76bc5d7a21062e883c19d3344450N.exe	102
PID 692 wrote to memory of 3812	692	65da76bc5d7a21062e883c19d3344450N.exe	102
PID 468 wrote to memory of 4860	468	65da76bc5d7a21062e883c19d3344450N.exe	103
PID 468 wrote to memory of 4860	468	65da76bc5d7a21062e883c19d3344450N.exe	103
PID 468 wrote to memory of 4860	468	65da76bc5d7a21062e883c19d3344450N.exe	103
PID 2084 wrote to memory of 416	2084	65da76bc5d7a21062e883c19d3344450N.exe	104
PID 2084 wrote to memory of 416	2084	65da76bc5d7a21062e883c19d3344450N.exe	104
PID 2084 wrote to memory of 416	2084	65da76bc5d7a21062e883c19d3344450N.exe	104
PID 2740 wrote to memory of 4040	2740	65da76bc5d7a21062e883c19d3344450N.exe	106
PID 2740 wrote to memory of 4040	2740	65da76bc5d7a21062e883c19d3344450N.exe	106
PID 2740 wrote to memory of 4040	2740	65da76bc5d7a21062e883c19d3344450N.exe	106
PID 1476 wrote to memory of 3128	1476	65da76bc5d7a21062e883c19d3344450N.exe	107
PID 1476 wrote to memory of 3128	1476	65da76bc5d7a21062e883c19d3344450N.exe	107
PID 1476 wrote to memory of 3128	1476	65da76bc5d7a21062e883c19d3344450N.exe	107
PID 2748 wrote to memory of 2280	2748	65da76bc5d7a21062e883c19d3344450N.exe	108
PID 2748 wrote to memory of 2280	2748	65da76bc5d7a21062e883c19d3344450N.exe	108
PID 2748 wrote to memory of 2280	2748	65da76bc5d7a21062e883c19d3344450N.exe	108
PID 2248 wrote to memory of 3624	2248	65da76bc5d7a21062e883c19d3344450N.exe	109
PID 2248 wrote to memory of 3624	2248	65da76bc5d7a21062e883c19d3344450N.exe	109
PID 2248 wrote to memory of 3624	2248	65da76bc5d7a21062e883c19d3344450N.exe	109
PID 4600 wrote to memory of 1620	4600	65da76bc5d7a21062e883c19d3344450N.exe	110
PID 4600 wrote to memory of 1620	4600	65da76bc5d7a21062e883c19d3344450N.exe	110
PID 4600 wrote to memory of 1620	4600	65da76bc5d7a21062e883c19d3344450N.exe	110
PID 3512 wrote to memory of 1932	3512	65da76bc5d7a21062e883c19d3344450N.exe	111
PID 3512 wrote to memory of 1932	3512	65da76bc5d7a21062e883c19d3344450N.exe	111
PID 3512 wrote to memory of 1932	3512	65da76bc5d7a21062e883c19d3344450N.exe	111
PID 756 wrote to memory of 976	756	65da76bc5d7a21062e883c19d3344450N.exe	112

C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
"C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2740
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3512
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:468
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2084
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:416
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:4672
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:6032
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:9400
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        9⤵
        
        PID:19280
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:13176
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:18956
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:7260
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:13932
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:20236
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10048
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:11076
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14188
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:20620
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:8700
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:18196
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:18504
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:12084
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:25548
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:17864
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:25076
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6480
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:13208
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:18988
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:8568
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:18172
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:18372
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:3236
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15228
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24388
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:2448
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6364
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10540
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:10700
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14760
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:464
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7828
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:15624
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10900
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:23424
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14808
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:4524
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:16924
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:23236
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10924
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14280
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:22004
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6488
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:11456
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:16708
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:22764
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23044
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11936
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23856
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:24444
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:4704
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:5896
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:9408
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:18832
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:13168
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:18972
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7244
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:13796
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:19616
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10148
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:9556
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14204
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:20696
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7732
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:15576
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:6900
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10456
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10684
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:1552
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6456
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:11664
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:23624
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:17244
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23840
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8528
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:17620
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24420
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19600
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18140
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18512
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:3140
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6172
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9948
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10492
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:20500
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15592
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7020
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10532
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:21696
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14604
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:2680
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:4996
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8244
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:17352
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24356
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11136
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:22012
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11328
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23544
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:15740
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8536
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16716
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10384
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11884
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17308
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:24336
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:756
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3796
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:2432
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6272
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:9628
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:13712
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:19424
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7720
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:15568
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10524
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:9660
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14596
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:4892
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:3144
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:17644
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:24428
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:11256
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:23380
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15248
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:22292
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6584
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:1408
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19064
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9068
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18964
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:12788
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18460
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:976
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6040
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9508
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:19484
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10580
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19012
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7292
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15560
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6824
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10080
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10332
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14248
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:20680
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:3000
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8472
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:16132
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24396
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11644
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14276
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17008
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23596
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6520
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:12860
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18628
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:24436
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17320
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:24348
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4604
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:2964
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6316
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9524
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:20844
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:13440
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19272
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7756
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7040
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10760
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:11176
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14820
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:21948
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:1740
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8452
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:1568
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24456
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11432
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23632
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16588
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10556
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17908
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:25200
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8604
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18212
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18548
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:12064
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:25360
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17872
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:25140
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:1932
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9516
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:4912
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13288
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18996
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:7232
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13728
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19444
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10352
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14116
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:20484
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:5124
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8024
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16820
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:22796
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:10908
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14804
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14876
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:21932
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6536
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:13380
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:19092
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17360
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:24364
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:12112
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:17892
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:25068
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4600
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:3812
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:4008
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:5988
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10464
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        8⤵
        
        PID:10632
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14620
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:4784
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7300
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:15608
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:7044
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10056
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:13152
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14172
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:20672
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:3020
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7940
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:16812
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:22788
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10980
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:14044
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14884
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:21940
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:13132
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8544
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18156
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18592
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11892
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17328
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:24372
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:536
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6136
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10428
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14376
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7376
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6680
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10136
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10404
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14196
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:20644
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:8316
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:17568
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:24516
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11360
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23440
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16392
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9572
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6512
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11568
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14260
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17024
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23580
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8552
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18164
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18444
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17884
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:25084
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3316
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:4652
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6000
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9664
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:712
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19504
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7224
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:13888
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:19748
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9972
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9588
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14124
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:20508
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:2996
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7956
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:16604
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10952
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10940
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23448
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14772
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:944
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6552
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11448
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:23612
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16732
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:22780
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8612
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18668
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:12104
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17900
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:25192
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:1620
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6048
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9900
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:6236
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14092
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19824
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:10072
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:15040
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14180
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:20632
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:5132
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16984
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16956
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11440
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23656
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:16596
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:10600
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6560
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11672
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23648
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:23848
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:8620
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18220
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11612
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18532
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:17856
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:25132
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2248
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:3624
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:6016
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:10448
        
        C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        7⤵
        
        PID:23368
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14692
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:18820
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7252
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:15552
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9836
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14004
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:20244
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:5140
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:7704
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:16148
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:7888
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10560
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:14924
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14664
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:5052
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6576
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13352
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19264
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:9084
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:18228
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11500
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18620
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:3128
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:5928
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9532
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:20316
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13448
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19020
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:7216
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19476
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:9964
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:10412
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:20540
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:5164
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8044
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:16828
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:22804
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:22204
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6568
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11248
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:15240
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:22224
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:8628
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18436
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18764
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:12220
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:15652
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:24380
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2748
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:2280
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:6056
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        6⤵
        
        PID:9060
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13916
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19928
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:7308
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:13720
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:19492
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:10064
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23432
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14164
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:20572
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:5148
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:8324
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:17584
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:24412
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11412
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:23640
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:16724
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:22772
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:13576
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:19468
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:8708
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18188
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:18456
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:11652
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:23664
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:17016
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:23572
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:4040
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6008
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:9980
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:11092
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:14132
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:20532
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:7696
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:10548
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:13108
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:4108
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:5156
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:11204
    - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
        5⤵
        
        PID:14020
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:15052
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:22216
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:8480
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:17576
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:24404
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:11592
  - - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
      "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
      4⤵
      PID:23672
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:17032
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:23564
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:6592
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:13216
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:18980
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:9172
- - C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
    "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
    3⤵
    PID:18608
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:13044
- C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe
  "C:\Users\Admin\AppData\Local\Temp\65da76bc5d7a21062e883c19d3344450N.exe"
  2⤵
  PID:18640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\lingerie horse voyeur hole mistress .rar.exe

Filesize
421KB

MD5
58a86a0fe096daf061b5e49b3ba4d586

SHA1
4b4fb8873c0179aaebed900675d782516292660b

SHA256
0ea5cf642ffee3d1d8ba0bc4b9f505295cd7fc5623512034068aea4b0d873345

SHA512
f901782d0516c13e048605504224c7ab0d68d313d1182e6efd613dd2e2a852db926f2f96e34843dba0f19adc757fe15b55f82398300bfb67cc79094203fd0d09

Download Submit