295d037afa613c35e2be991beca19a11a3e966d3b50965a94d87c6f7de0dbcb8

Analysis

max time kernel
12s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14-07-2024 22:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

315198f91e350aea69212d7c23e14200N.exe
Size

1.9MB
MD5

315198f91e350aea69212d7c23e14200
SHA1

a65ae8ae962ece215c7d4fd3cfb315477c7e5094
SHA256

295d037afa613c35e2be991beca19a11a3e966d3b50965a94d87c6f7de0dbcb8
SHA512

823e45d66a88d10fd7fb9a3f954ad5f9de24da4de6387ee108b05db4c723a35f196a3584a826b5f58229f49cdface0cffeeed4770a6c1834ea05a1f186fdeae2
SSDEEP

49152:5X2RYZhrAiZEMW4l4mOes02nNjU1RMPsIxUyr:sKhuYNOes1nNoDUsIxU0

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 13 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	315198f91e350aea69212d7c23e14200N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	315198f91e350aea69212d7c23e14200N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\H:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\J:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\Q:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\T:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\Z:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\A:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\B:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\G:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\O:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\R:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\V:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\W:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\K:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\L:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\P:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\U:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\X:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\Y:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\I:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\M:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\N:	315198f91e350aea69212d7c23e14200N.exe
File opened (read-only)	\??\S:	315198f91e350aea69212d7c23e14200N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\gang bang beastiality hidden wifey .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\porn sperm [free] wifey .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\lesbian lingerie lesbian femdom .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\asian horse licking vagina .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\bukkake gay several models vagina (Sonja).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\nude [bangbus] sm .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\System32\DriverStore\Temp\french porn xxx hidden granny (Samantha,Gina).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\canadian handjob public girly (Gina,Christine).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\canadian fucking gang bang several models bedroom .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\FxsTmp\hardcore voyeur boobs (Anniston,Liz).zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\xxx cum [bangbus] feet shoes (Karin,Gina).zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\nude bukkake lesbian 50+ .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\asian xxx cumshot voyeur .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\chinese horse lesbian ash .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\porn hot (!) feet .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\danish horse big legs .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\lesbian cumshot lesbian .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Google\Temp\japanese handjob animal sleeping lady (Melissa).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Common Files\microsoft shared\british lingerie [milf] fishy .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\bukkake fetish masturbation granny (Ashley).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\horse animal big ,Ó .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\malaysia animal voyeur .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\dotnet\shared\danish horse blowjob licking beautyfull .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake lesbian catfight high heels (Janette).rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\action hidden girly (Sonja).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\spanish blowjob [milf] .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gang bang [free] .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\cum girls hole .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Google\Update\Download\cumshot full movie legs (Jenna,Ashley).zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish trambling hot (!) (Sonja).rar.exe	315198f91e350aea69212d7c23e14200N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish horse uncut (Sonja,Christine).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\chinese lingerie cum voyeur lady .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\african lingerie horse several models penetration .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\blowjob cum big castration (Kathrin,Anniston).avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\russian horse [milf] Ôï .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SoftwareDistribution\Download\italian horse voyeur .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\canadian fetish hidden swallow .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\indian porn public glans (Melissa).zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\indian cum porn girls feet Ôï .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\indian porn several models girly .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\action public glans .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african lingerie fetish [free] boobs latex .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\horse hidden .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\bukkake [milf] nipples ash (Karin).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\american hardcore lesbian .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\french horse gay public black hairunshaved .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\chinese porn uncut gorgeoushorny .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\blowjob several models .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\norwegian animal catfight .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\beastiality sperm voyeur pregnant .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\american hardcore hardcore [bangbus] nipples .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\beastiality lesbian boobs redhair (Sandy).avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\sperm trambling catfight mistress .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\malaysia cum licking bedroom .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\french sperm catfight .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\danish fucking lesbian several models bondage .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\sperm cum voyeur legs traffic .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\animal lesbian .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\Downloaded Program Files\tyrkish trambling gang bang girls 50+ .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\InputMethod\SHARED\spanish fucking full movie hotel .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\african porn gay catfight .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\malaysia gay catfight swallow (Britney,Sonja).avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\brasilian kicking sleeping titts bedroom .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\bukkake masturbation hole (Kathrin).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\sperm cumshot sleeping 50+ .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\indian fetish horse lesbian boots .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\mssrv.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\cum sleeping cock blondie .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\assembly\temp\hardcore several models .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\assembly\tmp\british horse gay [bangbus] hole (Tatjana).zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\indian cum trambling [bangbus] 50+ (Janette,Gina).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\malaysia blowjob bukkake [milf] latex (Britney).rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\trambling horse girls (Sylvia,Gina).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\trambling sleeping legs .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\black cum catfight hole fishy .avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\danish horse lesbian lesbian lady (Tatjana,Liz).mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\french horse licking titts bondage .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\trambling hardcore several models high heels .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\beastiality trambling [bangbus] titts femdom .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\cumshot [bangbus] legs bedroom (Samantha).avi.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\animal licking hairy (Liz,Karin).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\swedish kicking public .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang horse hidden titts redhair .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\trambling gay several models penetration (Christine).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\lesbian gay hidden boots .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\norwegian horse licking titts black hairunshaved .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\action hardcore big upskirt .zip.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\horse hardcore [bangbus] boobs .rar.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\CbsTemp\african sperm girls stockings (Jade).mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\blowjob kicking public cock .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\xxx sleeping .mpg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese blowjob uncut balls .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\indian fucking hidden swallow .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\indian fetish big .mpeg.exe	315198f91e350aea69212d7c23e14200N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
544	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe
4412	315198f91e350aea69212d7c23e14200N.exe
4412	315198f91e350aea69212d7c23e14200N.exe
4580	315198f91e350aea69212d7c23e14200N.exe
4580	315198f91e350aea69212d7c23e14200N.exe
2644	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
2644	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
2012	315198f91e350aea69212d7c23e14200N.exe
2012	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe
3116	315198f91e350aea69212d7c23e14200N.exe
3116	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
544	315198f91e350aea69212d7c23e14200N.exe
4764	315198f91e350aea69212d7c23e14200N.exe
4764	315198f91e350aea69212d7c23e14200N.exe
2268	315198f91e350aea69212d7c23e14200N.exe
2268	315198f91e350aea69212d7c23e14200N.exe
2604	315198f91e350aea69212d7c23e14200N.exe
2604	315198f91e350aea69212d7c23e14200N.exe
1876	315198f91e350aea69212d7c23e14200N.exe
1876	315198f91e350aea69212d7c23e14200N.exe
4412	315198f91e350aea69212d7c23e14200N.exe
4412	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
1028	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
2448	315198f91e350aea69212d7c23e14200N.exe
4580	315198f91e350aea69212d7c23e14200N.exe
4580	315198f91e350aea69212d7c23e14200N.exe
4544	315198f91e350aea69212d7c23e14200N.exe
4544	315198f91e350aea69212d7c23e14200N.exe
2644	315198f91e350aea69212d7c23e14200N.exe
2644	315198f91e350aea69212d7c23e14200N.exe
2136	315198f91e350aea69212d7c23e14200N.exe
2136	315198f91e350aea69212d7c23e14200N.exe
2240	315198f91e350aea69212d7c23e14200N.exe
2240	315198f91e350aea69212d7c23e14200N.exe
2012	315198f91e350aea69212d7c23e14200N.exe
2012	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe
4184	315198f91e350aea69212d7c23e14200N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 544 wrote to memory of 2448	544	315198f91e350aea69212d7c23e14200N.exe	86
PID 544 wrote to memory of 2448	544	315198f91e350aea69212d7c23e14200N.exe	86
PID 544 wrote to memory of 2448	544	315198f91e350aea69212d7c23e14200N.exe	86
PID 544 wrote to memory of 1028	544	315198f91e350aea69212d7c23e14200N.exe	87
PID 544 wrote to memory of 1028	544	315198f91e350aea69212d7c23e14200N.exe	87
PID 544 wrote to memory of 1028	544	315198f91e350aea69212d7c23e14200N.exe	87
PID 2448 wrote to memory of 4184	2448	315198f91e350aea69212d7c23e14200N.exe	88
PID 2448 wrote to memory of 4184	2448	315198f91e350aea69212d7c23e14200N.exe	88
PID 2448 wrote to memory of 4184	2448	315198f91e350aea69212d7c23e14200N.exe	88
PID 544 wrote to memory of 4412	544	315198f91e350aea69212d7c23e14200N.exe	89
PID 544 wrote to memory of 4412	544	315198f91e350aea69212d7c23e14200N.exe	89
PID 544 wrote to memory of 4412	544	315198f91e350aea69212d7c23e14200N.exe	89
PID 1028 wrote to memory of 4580	1028	315198f91e350aea69212d7c23e14200N.exe	90
PID 1028 wrote to memory of 4580	1028	315198f91e350aea69212d7c23e14200N.exe	90
PID 1028 wrote to memory of 4580	1028	315198f91e350aea69212d7c23e14200N.exe	90
PID 2448 wrote to memory of 2644	2448	315198f91e350aea69212d7c23e14200N.exe	91
PID 2448 wrote to memory of 2644	2448	315198f91e350aea69212d7c23e14200N.exe	91
PID 2448 wrote to memory of 2644	2448	315198f91e350aea69212d7c23e14200N.exe	91
PID 4184 wrote to memory of 2012	4184	315198f91e350aea69212d7c23e14200N.exe	92
PID 4184 wrote to memory of 2012	4184	315198f91e350aea69212d7c23e14200N.exe	92
PID 4184 wrote to memory of 2012	4184	315198f91e350aea69212d7c23e14200N.exe	92
PID 544 wrote to memory of 3116	544	315198f91e350aea69212d7c23e14200N.exe	93
PID 544 wrote to memory of 3116	544	315198f91e350aea69212d7c23e14200N.exe	93
PID 544 wrote to memory of 3116	544	315198f91e350aea69212d7c23e14200N.exe	93
PID 4412 wrote to memory of 1876	4412	315198f91e350aea69212d7c23e14200N.exe	94
PID 4412 wrote to memory of 1876	4412	315198f91e350aea69212d7c23e14200N.exe	94
PID 4412 wrote to memory of 1876	4412	315198f91e350aea69212d7c23e14200N.exe	94
PID 1028 wrote to memory of 2604	1028	315198f91e350aea69212d7c23e14200N.exe	95
PID 1028 wrote to memory of 2604	1028	315198f91e350aea69212d7c23e14200N.exe	95
PID 1028 wrote to memory of 2604	1028	315198f91e350aea69212d7c23e14200N.exe	95
PID 2448 wrote to memory of 4764	2448	315198f91e350aea69212d7c23e14200N.exe	96
PID 2448 wrote to memory of 4764	2448	315198f91e350aea69212d7c23e14200N.exe	96
PID 2448 wrote to memory of 4764	2448	315198f91e350aea69212d7c23e14200N.exe	96
PID 4580 wrote to memory of 2268	4580	315198f91e350aea69212d7c23e14200N.exe	97
PID 4580 wrote to memory of 2268	4580	315198f91e350aea69212d7c23e14200N.exe	97
PID 4580 wrote to memory of 2268	4580	315198f91e350aea69212d7c23e14200N.exe	97
PID 2644 wrote to memory of 4544	2644	315198f91e350aea69212d7c23e14200N.exe	98
PID 2644 wrote to memory of 4544	2644	315198f91e350aea69212d7c23e14200N.exe	98
PID 2644 wrote to memory of 4544	2644	315198f91e350aea69212d7c23e14200N.exe	98
PID 2012 wrote to memory of 2136	2012	315198f91e350aea69212d7c23e14200N.exe	99
PID 2012 wrote to memory of 2136	2012	315198f91e350aea69212d7c23e14200N.exe	99
PID 2012 wrote to memory of 2136	2012	315198f91e350aea69212d7c23e14200N.exe	99
PID 4184 wrote to memory of 2240	4184	315198f91e350aea69212d7c23e14200N.exe	100
PID 4184 wrote to memory of 2240	4184	315198f91e350aea69212d7c23e14200N.exe	100
PID 4184 wrote to memory of 2240	4184	315198f91e350aea69212d7c23e14200N.exe	100
PID 544 wrote to memory of 3672	544	315198f91e350aea69212d7c23e14200N.exe	101
PID 544 wrote to memory of 3672	544	315198f91e350aea69212d7c23e14200N.exe	101
PID 544 wrote to memory of 3672	544	315198f91e350aea69212d7c23e14200N.exe	101
PID 1028 wrote to memory of 1104	1028	315198f91e350aea69212d7c23e14200N.exe	102
PID 1028 wrote to memory of 1104	1028	315198f91e350aea69212d7c23e14200N.exe	102
PID 1028 wrote to memory of 1104	1028	315198f91e350aea69212d7c23e14200N.exe	102
PID 4412 wrote to memory of 4716	4412	315198f91e350aea69212d7c23e14200N.exe	103
PID 4412 wrote to memory of 4716	4412	315198f91e350aea69212d7c23e14200N.exe	103
PID 4412 wrote to memory of 4716	4412	315198f91e350aea69212d7c23e14200N.exe	103
PID 2448 wrote to memory of 2536	2448	315198f91e350aea69212d7c23e14200N.exe	104
PID 2448 wrote to memory of 2536	2448	315198f91e350aea69212d7c23e14200N.exe	104
PID 2448 wrote to memory of 2536	2448	315198f91e350aea69212d7c23e14200N.exe	104
PID 4580 wrote to memory of 4424	4580	315198f91e350aea69212d7c23e14200N.exe	105
PID 4580 wrote to memory of 4424	4580	315198f91e350aea69212d7c23e14200N.exe	105
PID 4580 wrote to memory of 4424	4580	315198f91e350aea69212d7c23e14200N.exe	105
PID 2644 wrote to memory of 2800	2644	315198f91e350aea69212d7c23e14200N.exe	106
PID 2644 wrote to memory of 2800	2644	315198f91e350aea69212d7c23e14200N.exe	106
PID 2644 wrote to memory of 2800	2644	315198f91e350aea69212d7c23e14200N.exe	106
PID 3116 wrote to memory of 2224	3116	315198f91e350aea69212d7c23e14200N.exe	107

C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
"C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:544
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2448
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4184
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2012
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:2136
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:8708
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        9⤵
        
        PID:19860
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:12564
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:18244
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:7380
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:16020
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:21968
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:11828
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13384
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:6300
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:7140
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:14348
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:19672
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:23016
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13744
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:8284
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6192
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13728
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:4708
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8412
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:19932
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12056
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:17956
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:3548
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:5792
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:9388
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:12644
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13024
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:19080
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:7604
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:16244
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:21736
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:10332
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23100
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:14156
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8444
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:4848
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:14340
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:9432
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:9900
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23008
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13360
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:19832
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6156
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12244
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18188
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8388
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16996
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24260
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:11636
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:17680
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2240
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:2472
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:5580
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:12404
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:18428
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:7340
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:15768
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:21208
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:10192
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:2016
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13696
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6992
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:1840
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6080
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:12140
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:17964
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:16796
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:24248
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:10844
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23300
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15696
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21020
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6140
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12820
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18808
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8172
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16820
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15936
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:11040
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24608
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16980
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:24224
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6224
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:7240
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12976
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:19064
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7492
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16764
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24200
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10676
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23108
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:15308
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:20760
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15400
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:20752
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9488
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13196
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:19204
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6268
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:14132
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9464
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8380
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16788
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:24240
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:11644
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:17672
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2644
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4544
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:4968
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:5652
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:8484
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:19948
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:12376
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:18180
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:7628
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:16868
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:16004
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:10660
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23148
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:14108
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8588
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:4168
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:6256
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:12572
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:18236
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8404
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:20168
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:11704
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:17688
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6232
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18220
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8356
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16828
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24192
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:11712
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:17712
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:2800
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5700
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:22788
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13220
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7596
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16260
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21832
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10292
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23084
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:14140
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9008
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:220
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6628
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16040
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21916
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9044
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12948
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12728
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:3960
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6244
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13736
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8772
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18376
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4764
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:4884
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5668
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:9180
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:7172
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12960
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18836
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7508
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16804
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24168
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10280
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23132
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:14100
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8596
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:3240
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6680
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:3940
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:20720
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9540
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:22804
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13236
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:4368
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6164
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12364
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18212
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8364
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16836
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16008
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:11684
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:17704
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:2536
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5632
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8672
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12424
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18228
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7500
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21952
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:23092
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14124
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8988
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:2128
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6836
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13644
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6936
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:9480
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:22780
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:13188
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:19452
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:6016
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:9612
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:2460
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:13204
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:764
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:8244
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:16972
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:24216
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:11156
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:16412
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:17828
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1028
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4580
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2268
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:2004
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:5828
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:9332
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        8⤵
        
        PID:8180
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13012
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:18948
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:7928
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:16344
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:21852
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:10864
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23124
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15748
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21340
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5080
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:7052
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13752
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:8204
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:13040
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:1580
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6204
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12836
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:19160
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16844
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24176
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10988
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24584
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16756
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:23360
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:4424
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5712
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:9892
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:23024
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:19940
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7640
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16812
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24232
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10668
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23164
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:15316
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:20732
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:2508
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7204
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16268
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21844
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10148
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23140
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13656
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7032
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16048
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21468
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:9496
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:22532
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:13100
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18920
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:2604
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5556
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8476
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:19852
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12188
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18060
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:3952
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16276
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:22088
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10140
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23032
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:14060
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8680
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5088
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:14092
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8492
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9236
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:13292
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12968
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18824
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6172
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12752
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18800
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8396
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:17556
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:11696
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:17696
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:1104
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5540
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8372
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16988
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:24156
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18048
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7196
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16064
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21924
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10220
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:23116
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14052
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8344
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:4016
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7372
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16012
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21908
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10364
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10212
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14148
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:19480
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:6808
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14992
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:20484
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:9720
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:23156
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:13244
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:4108
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1876
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:2820
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:8780
        
        C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        7⤵
        
        PID:17032
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12396
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:18204
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:7780
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15996
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10888
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:23368
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:15712
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21068
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5072
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:6768
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:15000
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:20688
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9560
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:12784
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13168
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:19344
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12720
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:4484
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:8468
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:20188
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:12336
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18172
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:4716
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:21900
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13004
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:19056
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7364
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16860
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:24208
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10172
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:23200
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:13700
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7016
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:2964
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16316
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21960
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:10068
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:15704
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:21328
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:6944
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14984
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:20492
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:9712
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:13368
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:19816
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3116
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:2224
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5588
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:8724
      - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        6⤵
        
        PID:3304
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12516
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:18356
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:7612
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:16032
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21480
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:10372
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:24592
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:14252
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18644
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:4712
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:6856
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:15848
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:21460
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:9504
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:13212
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:5024
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:6212
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:12580
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18196
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:8548
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:19840
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:3956
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:18160
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:3672
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:5660
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:9172
    - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
        5⤵
        
        PID:12628
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:18816
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:7520
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:16056
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:21492
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:10200
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:24600
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:13712
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:6900
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:2988
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:7572
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:16780
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:24184
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:10380
  - - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
      "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
      4⤵
      PID:23052
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:14116
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:8228
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:6952
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:14976
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:20992
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:9548
- - C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
    "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
    3⤵
    PID:23040
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:13176
- C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe
  "C:\Users\Admin\AppData\Local\Temp\315198f91e350aea69212d7c23e14200N.exe"
  2⤵
  PID:4920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\bukkake lesbian catfight high heels (Janette).rar.exe

Filesize
876KB

MD5
f58cbdc8d687b9bb9b86729707ce2fe5

SHA1
b604d305b2424b99bc74f5c35908daa6e3c93adb

SHA256
436110ee36262f3eaf91a6583ad62da4fb283b2372fbed610ccc8d23b142ed50

SHA512
afe668e6fc3c46b28da45dda03a923c29a4b55502b7877d87dad92a5335bba84d1d58b7131babe60a47df522b028d3e96ac2756d7c29f64fc9c9f3299e73f346

Download Submit