efbf77cb78d4438ad94c8de60dd3027c9ec1b6e1dcbb80be1797f0d4eee55ef4

Analysis

max time kernel
11s
max time network
89s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

31cba0f96af6789c3ae79e7eae9bb030N.exe
Size

1.1MB
MD5

31cba0f96af6789c3ae79e7eae9bb030
SHA1

b7d714865c29f22f5f5c5729f840140abdfcf1b0
SHA256

efbf77cb78d4438ad94c8de60dd3027c9ec1b6e1dcbb80be1797f0d4eee55ef4
SHA512

91955c743d130037682c823de5d430ef19dd729e16f34146f17086b34fd05f6f56110b7ca55a5f534a6c12f19485d6c1fa1cf902920a469f4639200ddc4961d9
SSDEEP

24576:oW2tNakvWTFLrNROWxqbfBLT1bLHh2pUG57krLgLifJoWWdIChgdO:V2tNETBNPELxbL0UG1UgeuWWn

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 11 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2650514177-1034912467-4025611726-1000\Control Panel\International\Geo\Nation	31cba0f96af6789c3ae79e7eae9bb030N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	31cba0f96af6789c3ae79e7eae9bb030N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\Q:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\O:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\I:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\L:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\R:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\S:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\U:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\X:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\Y:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\A:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\E:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\G:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\H:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\J:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\K:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\N:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\T:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\B:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\W:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\P:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\V:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\Z:	31cba0f96af6789c3ae79e7eae9bb030N.exe
File opened (read-only)	\??\M:	31cba0f96af6789c3ae79e7eae9bb030N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\IME\SHARED\indian action trambling uncut .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\black nude beast [free] (Jade).avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\indian animal horse several models penetration .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian gang bang bukkake full movie lady .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian cumshot trambling several models .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\russian action gay [bangbus] swallow .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\brasilian nude fucking [milf] glans latex .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\System32\DriverStore\Temp\gay catfight cock pregnant .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\fucking licking hole .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\japanese horse blowjob uncut hole granny .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\FxsTmp\norwegian lesbian masturbation (Karin).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\black handjob bukkake voyeur upskirt .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\japanese beastiality sperm hidden hole .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\american cumshot lesbian hot (!) cock .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black cumshot blowjob [bangbus] latex .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Google\Temp\bukkake hot (!) hole pregnant (Liz).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\blowjob full movie 40+ .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality horse public mature .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian animal bukkake licking hole (Anniston,Sylvia).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\sperm [free] feet 50+ .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Google\Update\Download\american gang bang gay [free] (Melissa).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\black horse hardcore sleeping glans circumcision (Sarah).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Common Files\microsoft shared\japanese beastiality horse several models cock shoes .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\dotnet\shared\tyrkish action fucking [bangbus] bedroom .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\japanese nude gay uncut glans mature .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\horse full movie titts .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\swedish horse blowjob catfight shoes .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\japanese gang bang hardcore [milf] lady .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\blowjob hidden boots .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\black porn fucking several models glans latex (Karin).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\lingerie uncut bedroom .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\african lingerie catfight titts .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\african horse hidden .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\handjob fucking licking cock .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\gay licking .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\danish cum trambling big hairy .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\swedish beastiality fucking girls (Sylvia).avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\malaysia fucking full movie titts (Ashley,Tatjana).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\lesbian hidden (Sylvia).zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\japanese beastiality beast several models cock mistress .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\assembly\temp\indian cumshot lingerie hot (!) bedroom .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\gang bang sperm uncut .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\brasilian kicking fucking licking glans .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\malaysia trambling hidden .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\porn blowjob lesbian glans young .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\asian beast full movie glans .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\trambling big (Melissa).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\black horse bukkake big young .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\tyrkish nude blowjob lesbian hole .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\asian lesbian several models traffic .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\action fucking voyeur .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\security\templates\swedish porn lesbian licking feet (Sonja,Samantha).zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\russian gang bang hardcore [free] .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\french beast catfight .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\black nude blowjob masturbation hole (Sonja,Tatjana).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\asian trambling masturbation feet penetration (Tatjana).avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese horse full movie ash (Christine,Melissa).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\african sperm catfight cock mature .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\indian horse fucking big cock bondage (Karin).avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\blowjob uncut young .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SoftwareDistribution\Download\american porn trambling full movie titts bondage .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\french lesbian sleeping glans leather (Sarah).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\mssrv.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\trambling several models .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian gang bang lesbian masturbation (Janette).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\porn fucking full movie beautyfull .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\lesbian girls beautyfull (Kathrin,Melissa).zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\spanish lesbian hot (!) titts Ôï .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\trambling uncut .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\nude bukkake lesbian .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\canadian sperm lesbian glans sweet .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\handjob lesbian lesbian circumcision .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\gang bang xxx big (Melissa).rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\fucking [bangbus] glans (Ashley,Liz).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\malaysia bukkake public .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\hardcore full movie .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\CbsTemp\danish horse sperm sleeping hotel .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\lingerie [free] cock stockings (Melissa).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\lingerie [bangbus] glans castration (Curtney).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\InputMethod\SHARED\sperm hot (!) cock swallow .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\italian porn gay girls titts high heels .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\horse blowjob big .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\gang bang fucking uncut titts .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\hardcore uncut glans .mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\malaysia gay sleeping glans .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\japanese animal blowjob [milf] shower (Christine,Sylvia).mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\action bukkake catfight .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\nude lesbian catfight upskirt .zip.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\norwegian xxx catfight titts penetration (Curtney).avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\malaysia lingerie public mature .avi.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\swedish beastiality bukkake girls Ôï .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\british gay full movie feet leather (Sarah).mpg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\hardcore sleeping hole penetration .mpeg.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\tyrkish beastiality gay full movie sweet .rar.exe	31cba0f96af6789c3ae79e7eae9bb030N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 62 IoCs

pid	Process
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
2372	31cba0f96af6789c3ae79e7eae9bb030N.exe
2372	31cba0f96af6789c3ae79e7eae9bb030N.exe
2272	31cba0f96af6789c3ae79e7eae9bb030N.exe
2272	31cba0f96af6789c3ae79e7eae9bb030N.exe
4792	31cba0f96af6789c3ae79e7eae9bb030N.exe
4792	31cba0f96af6789c3ae79e7eae9bb030N.exe
3232	31cba0f96af6789c3ae79e7eae9bb030N.exe
3232	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
2200	31cba0f96af6789c3ae79e7eae9bb030N.exe
2200	31cba0f96af6789c3ae79e7eae9bb030N.exe
4224	31cba0f96af6789c3ae79e7eae9bb030N.exe
4224	31cba0f96af6789c3ae79e7eae9bb030N.exe
2356	31cba0f96af6789c3ae79e7eae9bb030N.exe
2356	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
4012	31cba0f96af6789c3ae79e7eae9bb030N.exe
2360	31cba0f96af6789c3ae79e7eae9bb030N.exe
2360	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4700	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
1400	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
2700	31cba0f96af6789c3ae79e7eae9bb030N.exe
4704	31cba0f96af6789c3ae79e7eae9bb030N.exe
4704	31cba0f96af6789c3ae79e7eae9bb030N.exe
2372	31cba0f96af6789c3ae79e7eae9bb030N.exe
2372	31cba0f96af6789c3ae79e7eae9bb030N.exe
436	31cba0f96af6789c3ae79e7eae9bb030N.exe
436	31cba0f96af6789c3ae79e7eae9bb030N.exe
2272	31cba0f96af6789c3ae79e7eae9bb030N.exe
2272	31cba0f96af6789c3ae79e7eae9bb030N.exe
3360	31cba0f96af6789c3ae79e7eae9bb030N.exe
3360	31cba0f96af6789c3ae79e7eae9bb030N.exe
2644	31cba0f96af6789c3ae79e7eae9bb030N.exe
2644	31cba0f96af6789c3ae79e7eae9bb030N.exe
4792	31cba0f96af6789c3ae79e7eae9bb030N.exe
4792	31cba0f96af6789c3ae79e7eae9bb030N.exe
3232	31cba0f96af6789c3ae79e7eae9bb030N.exe
3232	31cba0f96af6789c3ae79e7eae9bb030N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4012 wrote to memory of 4700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	86
PID 4012 wrote to memory of 4700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	86
PID 4012 wrote to memory of 4700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	86
PID 4012 wrote to memory of 2700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	87
PID 4012 wrote to memory of 2700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	87
PID 4012 wrote to memory of 2700	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	87
PID 4700 wrote to memory of 1400	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	88
PID 4700 wrote to memory of 1400	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	88
PID 4700 wrote to memory of 1400	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	88
PID 4012 wrote to memory of 2372	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	89
PID 4012 wrote to memory of 2372	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	89
PID 4012 wrote to memory of 2372	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	89
PID 2700 wrote to memory of 2272	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	90
PID 2700 wrote to memory of 2272	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	90
PID 2700 wrote to memory of 2272	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	90
PID 4700 wrote to memory of 4792	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	91
PID 4700 wrote to memory of 4792	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	91
PID 4700 wrote to memory of 4792	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	91
PID 1400 wrote to memory of 3232	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	92
PID 1400 wrote to memory of 3232	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	92
PID 1400 wrote to memory of 3232	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	92
PID 4012 wrote to memory of 2200	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	93
PID 4012 wrote to memory of 2200	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	93
PID 4012 wrote to memory of 2200	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	93
PID 4700 wrote to memory of 4224	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	94
PID 4700 wrote to memory of 4224	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	94
PID 4700 wrote to memory of 4224	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	94
PID 1400 wrote to memory of 2356	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	95
PID 1400 wrote to memory of 2356	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	95
PID 1400 wrote to memory of 2356	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	95
PID 2700 wrote to memory of 2360	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	96
PID 2700 wrote to memory of 2360	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	96
PID 2700 wrote to memory of 2360	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	96
PID 2372 wrote to memory of 4704	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	97
PID 2372 wrote to memory of 4704	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	97
PID 2372 wrote to memory of 4704	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	97
PID 2272 wrote to memory of 436	2272	31cba0f96af6789c3ae79e7eae9bb030N.exe	98
PID 2272 wrote to memory of 436	2272	31cba0f96af6789c3ae79e7eae9bb030N.exe	98
PID 2272 wrote to memory of 436	2272	31cba0f96af6789c3ae79e7eae9bb030N.exe	98
PID 4792 wrote to memory of 2644	4792	31cba0f96af6789c3ae79e7eae9bb030N.exe	99
PID 4792 wrote to memory of 2644	4792	31cba0f96af6789c3ae79e7eae9bb030N.exe	99
PID 4792 wrote to memory of 2644	4792	31cba0f96af6789c3ae79e7eae9bb030N.exe	99
PID 3232 wrote to memory of 3360	3232	31cba0f96af6789c3ae79e7eae9bb030N.exe	100
PID 3232 wrote to memory of 3360	3232	31cba0f96af6789c3ae79e7eae9bb030N.exe	100
PID 3232 wrote to memory of 3360	3232	31cba0f96af6789c3ae79e7eae9bb030N.exe	100
PID 4012 wrote to memory of 5116	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	101
PID 4012 wrote to memory of 5116	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	101
PID 4012 wrote to memory of 5116	4012	31cba0f96af6789c3ae79e7eae9bb030N.exe	101
PID 1400 wrote to memory of 3100	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	103
PID 1400 wrote to memory of 3100	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	103
PID 1400 wrote to memory of 3100	1400	31cba0f96af6789c3ae79e7eae9bb030N.exe	103
PID 2700 wrote to memory of 2052	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	104
PID 2700 wrote to memory of 2052	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	104
PID 2700 wrote to memory of 2052	2700	31cba0f96af6789c3ae79e7eae9bb030N.exe	104
PID 4700 wrote to memory of 3332	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	102
PID 4700 wrote to memory of 3332	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	102
PID 4700 wrote to memory of 3332	4700	31cba0f96af6789c3ae79e7eae9bb030N.exe	102
PID 2372 wrote to memory of 3556	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	105
PID 2372 wrote to memory of 3556	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	105
PID 2372 wrote to memory of 3556	2372	31cba0f96af6789c3ae79e7eae9bb030N.exe	105
PID 4224 wrote to memory of 464	4224	31cba0f96af6789c3ae79e7eae9bb030N.exe	106
PID 4224 wrote to memory of 464	4224	31cba0f96af6789c3ae79e7eae9bb030N.exe	106
PID 4224 wrote to memory of 464	4224	31cba0f96af6789c3ae79e7eae9bb030N.exe	106
PID 2272 wrote to memory of 1248	2272	31cba0f96af6789c3ae79e7eae9bb030N.exe	107

C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
"C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4012
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4700
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1400
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3232
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3360
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:5832
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:9384
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        9⤵
        
        PID:14576
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:11968
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:16276
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:7100
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:17584
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:10024
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:16144
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:11904
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16412
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:208
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:8128
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:17464
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:10156
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16300
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:6084
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:12332
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14740
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18792
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:2104
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:14512
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:552
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:5608
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:9560
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:14400
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:11944
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14384
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:12528
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16388
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8936
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:17364
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16484
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:1412
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8704
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18832
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12228
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16252
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6060
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:10876
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:17576
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:11896
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:14528
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18680
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16284
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2356
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:2580
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:8896
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:18688
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:12188
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16460
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:6936
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18744
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12100
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16924
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:2216
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9240
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:11888
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17592
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6744
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16396
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9268
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17472
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12084
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14520
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:3100
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9728
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14416
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12000
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16972
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6724
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12600
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16964
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9184
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17544
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16756
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:3756
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8420
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17528
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16332
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:5936
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16236
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:8156
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17456
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16380
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4792
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2644
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:1980
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:5948
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:9568
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:16900
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14464
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:21464
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:7172
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:17716
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9812
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14432
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16948
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:4692
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8524
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18848
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:2864
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16260
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6092
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12420
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16244
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17488
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:10828
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14552
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:1700
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5632
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9504
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:14408
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:11976
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16420
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12504
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16908
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16784
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14056
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:1352
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8828
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17504
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12156
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16744
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6076
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12404
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16308
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:3904
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12364
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4224
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:464
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5720
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9008
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18776
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12140
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16516
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18824
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9996
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12452
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12460
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11928
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16884
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8716
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18672
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:1580
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6052
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:10868
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11872
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14504
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7904
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18736
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12356
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16496
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:3332
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:5660
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9364
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:14424
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14392
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7184
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16892
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:10032
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17004
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:11920
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16524
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:4944
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:8752
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17384
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16372
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:6044
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12324
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14472
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:7944
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:18728
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:12372
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:14544
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2272
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:436
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:2612
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:5588
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:9496
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        8⤵
        
        PID:16476
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:11984
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:17356
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:6972
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9232
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18712
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12052
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17724
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:1204
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8456
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:17560
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16816
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6580
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12520
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16876
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18704
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12204
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16364
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:1248
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8880
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18656
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12148
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:1916
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17496
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9204
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17348
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:7708
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17424
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:10628
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18768
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11864
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14376
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6100
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12496
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17608
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:11856
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14488
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5440
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:8868
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18840
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16324
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:6292
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:12316
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:14448
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8276
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17520
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12284
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16228
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:676
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8888
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17416
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12172
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16432
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6028
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12396
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16340
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7912
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17448
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12308
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14596
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:2052
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9252
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17536
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12076
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17028
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:7032
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18696
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9376
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17552
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12016
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14456
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:4020
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9652
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18760
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12008
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16940
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:6036
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12380
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16996
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:7928
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17600
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:12388
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:14536
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2372
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4704
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:3176
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:5940
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:9588
        
        C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        7⤵
        
        PID:18752
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:11952
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17400
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:2084
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16932
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:17440
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11936
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16168
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:4540
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9260
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:14568
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12092
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17372
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6988
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:17616
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9296
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18808
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12068
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16404
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:3556
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:5480
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:8008
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:18784
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12300
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:4440
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6340
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12244
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16356
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:8312
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16916
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:4500
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16956
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:8052
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18816
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12292
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14560
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:6068
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12340
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14584
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:7888
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17432
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:12260
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:16316
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:2200
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:4836
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:5572
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:9552
      - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        6⤵
        
        PID:16468
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:11992
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16268
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:6716
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16292
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9088
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:18800
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12132
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17392
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:4492
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:16980
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12032
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17012
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:6732
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12592
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:16452
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:8904
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:18720
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:12164
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:16348
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:5116
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:5700
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:9308
    - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
        5⤵
        
        PID:14496
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:12060
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:14480
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:4480
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17480
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:10040
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:17512
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:11912
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:14440
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:1692
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:8148
  - - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
      "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
      4⤵
      PID:21304
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:716
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:18664
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:6124
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:12412
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:16220
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:8188
- - C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
    "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
    3⤵
    PID:17568
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:12252
- C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe
  "C:\Users\Admin\AppData\Local\Temp\31cba0f96af6789c3ae79e7eae9bb030N.exe"
  2⤵
  PID:16212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\indian beastiality horse public mature .avi.exe

Filesize
103KB

MD5
035bf3dd3bc77b58280494c64591db59

SHA1
128f57b75497f7a53250309ee8789c54c01dac2a

SHA256
1c50b63382f7b22d32d1ab05bd9c9b64847e62c9d631d10d2c5f564132d6d7a2

SHA512
cc4def56baf49ad4149a45166a150aeabdd6cefc296855d66f9cd8d396a933623ef448881d4bedd2fd4d043f50f962e38368195e3fbe538de5301a98ecbc9853

Download Submit
C:\debug.txt

Filesize
146B

MD5
85f4b21bd6b33a971ef744b82d2051fc

SHA1
f44c67bf63bd5e74324d3fae384e8e8c384d4008

SHA256
a2fadf26a1223e8b9cb89c32cbed4b2eba838b9e2926120adc1847d9d69aa38a

SHA512
aac53eb3a7fcc26edb8397dd3ec475a1fda40b44ebea604a7261bd6bda5f2c36790dd497be95ba004df654fd453dc7a4256af9642fc58ec6692873bfe377c5ae

Download Submit