273886e844c3d90e6ebd951c6f528070318b3d3a8a08d0b35ae428913043757c

Analysis

max time kernel
119s
max time network
13s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

349983b7e0e6c22ac0affc900bc89e10N.exe
Size

1.8MB
MD5

349983b7e0e6c22ac0affc900bc89e10
SHA1

d44284da674e6ccff8bdde6e4e1dd12f1fa81456
SHA256

273886e844c3d90e6ebd951c6f528070318b3d3a8a08d0b35ae428913043757c
SHA512

dd7c2d39aa3101e4dfaa5fc1b0f29194df805d66859edb23a8eac284c47c1d3f8950590024aac9a678c3fbaf2ae90ee4fe6f4e04b00aa41bab80013a5664d3c7
SSDEEP

49152:V73lKQMrBHj6sGeagCrKqX+bflZapl4sgFnP7YEM+Uc:u1HjXGejCOli0sQ4c

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 10 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2990742725-2267136959-192470804-1000\Control Panel\International\Geo\Nation	349983b7e0e6c22ac0affc900bc89e10N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	349983b7e0e6c22ac0affc900bc89e10N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\V:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\W:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\X:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Y:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\L:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\N:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\O:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\P:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\S:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\J:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\M:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Q:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\R:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\Z:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\A:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\E:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\G:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\I:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\U:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\B:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\H:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\K:	349983b7e0e6c22ac0affc900bc89e10N.exe
File opened (read-only)	\??\T:	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\xxx [free] glans boots .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\fucking public boots .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\gay licking 40+ .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\beast hidden mature (Sonja,Karin).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\System32\DriverStore\Temp\danish beastiality bukkake several models titts .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\swedish nude lingerie catfight gorgeoushorny .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\tyrkish handjob beast [milf] (Sarah).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian cumshot sperm several models upskirt .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\bukkake masturbation .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\horse public sm .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob big bedroom .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\brasilian handjob blowjob public .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in Program Files directory 19 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\russian porn trambling several models cock circumcision .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\american horse hardcore catfight (Curtney).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Google\Temp\norwegian xxx voyeur sm .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\tyrkish beastiality trambling hot (!) sweet .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\american handjob sperm masturbation latex .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\italian action sperm girls feet young .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\gay several models .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\swedish fetish hardcore girls lady .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\brasilian cum gay [bangbus] glans latex .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\indian kicking horse sleeping glans (Gina,Sarah).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\EU8898.tmp\american porn blowjob several models shoes .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\japanese nude fucking [milf] .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\russian horse horse licking feet .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\fucking catfight .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\brasilian gang bang bukkake uncut YEâPSè& (Jenna,Janette).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian fetish xxx public latex .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking voyeur cock mistress .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\dotnet\shared\xxx masturbation shoes .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian fetish fucking [free] cock (Kathrin,Sylvia).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\animal sperm voyeur feet Ôï (Curtney).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\temp\japanese porn trambling hidden (Liz).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\CbsTemp\xxx [milf] blondie .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian beastiality fucking licking cock black hairunshaved (Curtney).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\trambling public high heels .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\handjob trambling masturbation hole swallow .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\malaysia beast girls pregnant .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\PLA\Templates\russian handjob beast sleeping glans lady .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse uncut titts .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\italian horse gay [free] feet granny .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\canadian gay public stockings .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\brasilian nude fucking big .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\british beast several models stockings (Kathrin,Tatjana).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\italian kicking horse voyeur cock hairy .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\tmp\horse lesbian stockings .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\japanese beastiality trambling hot (!) pregnant .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\norwegian trambling [milf] feet latex .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\norwegian beast full movie bondage (Sonja,Liz).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\spanish beast masturbation swallow (Britney,Curtney).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\blowjob big .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\templates\japanese porn bukkake several models hotel .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\sperm hidden fishy .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\gang bang lingerie masturbation .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\american horse fucking several models glans (Britney,Jade).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\tyrkish action sperm [milf] feet Ôï (Samantha).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\Downloaded Program Files\american handjob hardcore masturbation glans YEâPSè& .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\swedish gang bang beast sleeping penetration .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\american horse trambling public titts .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\gang bang bukkake public fishy .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\japanese horse lingerie hidden .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\lingerie voyeur glans castration (Jade).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\spanish blowjob [bangbus] hole beautyfull (Samantha).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\american action blowjob voyeur cock sm .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\chinese lesbian voyeur balls .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\norwegian blowjob several models mature .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\swedish handjob sperm hot (!) young .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\fucking uncut feet gorgeoushorny .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\fucking public cock (Kathrin,Tatjana).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\russian nude fucking [milf] latex .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\sperm sleeping beautyfull .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\bukkake masturbation feet .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\gay several models circumcision (Kathrin,Sarah).mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\french beast [milf] glans .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\porn gay big hole stockings (Sarah).mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\InputMethod\SHARED\beastiality trambling hot (!) titts .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\russian cum sperm [free] .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\british hardcore public hole .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\asian beast several models bedroom .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\lesbian sleeping hole upskirt (Jade).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\canadian blowjob full movie cock redhair (Karin).zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\japanese horse hardcore masturbation swallow .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\blowjob masturbation hole .mpg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lesbian masturbation feet .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\swedish kicking beast sleeping 50+ .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\fetish horse several models granny (Christine,Karin).avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\brasilian nude bukkake lesbian castration .rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\cum gay girls Ôï .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\asian hardcore girls cock shoes (Samantha).rar.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\african blowjob hot (!) gorgeoushorny .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\african gay masturbation stockings .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\porn trambling big .mpeg.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\brasilian beastiality gay [milf] hole bedroom .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\danish fetish trambling big cock .avi.exe	349983b7e0e6c22ac0affc900bc89e10N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\japanese gang bang sperm masturbation balls .zip.exe	349983b7e0e6c22ac0affc900bc89e10N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 54 IoCs

pid	Process
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4776	349983b7e0e6c22ac0affc900bc89e10N.exe
4776	349983b7e0e6c22ac0affc900bc89e10N.exe
1848	349983b7e0e6c22ac0affc900bc89e10N.exe
1848	349983b7e0e6c22ac0affc900bc89e10N.exe
2692	349983b7e0e6c22ac0affc900bc89e10N.exe
2692	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4428	349983b7e0e6c22ac0affc900bc89e10N.exe
4428	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
4072	349983b7e0e6c22ac0affc900bc89e10N.exe
4072	349983b7e0e6c22ac0affc900bc89e10N.exe
2600	349983b7e0e6c22ac0affc900bc89e10N.exe
2600	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
1128	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
4768	349983b7e0e6c22ac0affc900bc89e10N.exe
1404	349983b7e0e6c22ac0affc900bc89e10N.exe
1404	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
4760	349983b7e0e6c22ac0affc900bc89e10N.exe
2492	349983b7e0e6c22ac0affc900bc89e10N.exe
2492	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
4228	349983b7e0e6c22ac0affc900bc89e10N.exe
2728	349983b7e0e6c22ac0affc900bc89e10N.exe
2728	349983b7e0e6c22ac0affc900bc89e10N.exe
4776	349983b7e0e6c22ac0affc900bc89e10N.exe
4776	349983b7e0e6c22ac0affc900bc89e10N.exe
3636	349983b7e0e6c22ac0affc900bc89e10N.exe
3636	349983b7e0e6c22ac0affc900bc89e10N.exe
4144	349983b7e0e6c22ac0affc900bc89e10N.exe
4144	349983b7e0e6c22ac0affc900bc89e10N.exe

Suspicious use of WriteProcessMemory 60 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 4768	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	88
PID 4760 wrote to memory of 4768	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	88
PID 4760 wrote to memory of 4768	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	88
PID 4768 wrote to memory of 1128	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	89
PID 4768 wrote to memory of 1128	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	89
PID 4768 wrote to memory of 1128	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	89
PID 4760 wrote to memory of 4228	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	90
PID 4760 wrote to memory of 4228	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	90
PID 4760 wrote to memory of 4228	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	90
PID 1128 wrote to memory of 2692	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	91
PID 1128 wrote to memory of 2692	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	91
PID 1128 wrote to memory of 2692	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	91
PID 4768 wrote to memory of 4776	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	92
PID 4768 wrote to memory of 4776	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	92
PID 4768 wrote to memory of 4776	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	92
PID 4760 wrote to memory of 1848	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	93
PID 4760 wrote to memory of 1848	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	93
PID 4760 wrote to memory of 1848	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	93
PID 4228 wrote to memory of 4428	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	94
PID 4228 wrote to memory of 4428	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	94
PID 4228 wrote to memory of 4428	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	94
PID 1128 wrote to memory of 4072	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	95
PID 1128 wrote to memory of 4072	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	95
PID 1128 wrote to memory of 4072	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	95
PID 4768 wrote to memory of 2600	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	96
PID 4768 wrote to memory of 2600	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	96
PID 4768 wrote to memory of 2600	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	96
PID 4760 wrote to memory of 1404	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	97
PID 4760 wrote to memory of 1404	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	97
PID 4760 wrote to memory of 1404	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	97
PID 4228 wrote to memory of 2492	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	98
PID 4228 wrote to memory of 2492	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	98
PID 4228 wrote to memory of 2492	4228	349983b7e0e6c22ac0affc900bc89e10N.exe	98
PID 4776 wrote to memory of 2728	4776	349983b7e0e6c22ac0affc900bc89e10N.exe	99
PID 4776 wrote to memory of 2728	4776	349983b7e0e6c22ac0affc900bc89e10N.exe	99
PID 4776 wrote to memory of 2728	4776	349983b7e0e6c22ac0affc900bc89e10N.exe	99
PID 2692 wrote to memory of 3636	2692	349983b7e0e6c22ac0affc900bc89e10N.exe	100
PID 2692 wrote to memory of 3636	2692	349983b7e0e6c22ac0affc900bc89e10N.exe	100
PID 2692 wrote to memory of 3636	2692	349983b7e0e6c22ac0affc900bc89e10N.exe	100
PID 1848 wrote to memory of 4144	1848	349983b7e0e6c22ac0affc900bc89e10N.exe	101
PID 1848 wrote to memory of 4144	1848	349983b7e0e6c22ac0affc900bc89e10N.exe	101
PID 1848 wrote to memory of 4144	1848	349983b7e0e6c22ac0affc900bc89e10N.exe	101
PID 4428 wrote to memory of 4108	4428	349983b7e0e6c22ac0affc900bc89e10N.exe	102
PID 4428 wrote to memory of 4108	4428	349983b7e0e6c22ac0affc900bc89e10N.exe	102
PID 4428 wrote to memory of 4108	4428	349983b7e0e6c22ac0affc900bc89e10N.exe	102
PID 1128 wrote to memory of 2044	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	106
PID 1128 wrote to memory of 2044	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	106
PID 1128 wrote to memory of 2044	1128	349983b7e0e6c22ac0affc900bc89e10N.exe	106
PID 4768 wrote to memory of 2620	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	107
PID 4768 wrote to memory of 2620	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	107
PID 4768 wrote to memory of 2620	4768	349983b7e0e6c22ac0affc900bc89e10N.exe	107
PID 4760 wrote to memory of 2356	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	109
PID 4760 wrote to memory of 2356	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	109
PID 4760 wrote to memory of 2356	4760	349983b7e0e6c22ac0affc900bc89e10N.exe	109
PID 2600 wrote to memory of 2952	2600	349983b7e0e6c22ac0affc900bc89e10N.exe	110
PID 2600 wrote to memory of 2952	2600	349983b7e0e6c22ac0affc900bc89e10N.exe	110
PID 2600 wrote to memory of 2952	2600	349983b7e0e6c22ac0affc900bc89e10N.exe	110
PID 4072 wrote to memory of 4916	4072	349983b7e0e6c22ac0affc900bc89e10N.exe	111
PID 4072 wrote to memory of 4916	4072	349983b7e0e6c22ac0affc900bc89e10N.exe	111
PID 4072 wrote to memory of 4916	4072	349983b7e0e6c22ac0affc900bc89e10N.exe	111

C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
"C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4768
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2692
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:3636
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3748
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:6300
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:10984
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:14756
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8088
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:16380
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11272
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15600
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5888
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10152
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:12024
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:19976
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7524
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:20516
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14056
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14788
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20992
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4248
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5976
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10164
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:14148
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13964
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:3988
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15068
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13640
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10432
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14820
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:21124
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5400
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8012
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17644
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11224
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14928
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7072
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:18080
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9324
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12504
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17424
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4072
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4916
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:5484
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:8516
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        8⤵
        
        PID:16368
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11564
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:16076
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6292
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13548
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:18092
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:9336
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:20176
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12656
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:3736
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5212
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6924
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17660
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8760
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:20148
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11960
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16472
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6700
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12800
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17448
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8732
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19096
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17112
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2044
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3220
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6772
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:12300
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:17784
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8768
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:19988
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12248
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17104
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6404
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2300
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14940
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8408
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20084
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11588
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16100
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1108
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6592
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12584
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17368
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8680
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19856
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11652
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16176
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12816
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17464
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8416
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:18632
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11404
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15792
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4776
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2156
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6180
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:11168
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:14672
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8080
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:18516
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8400
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15568
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5688
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10260
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13104
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14612
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20764
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6524
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:13884
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19652
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9388
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20068
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12856
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17520
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3504
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6012
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10836
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15188
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15708
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7592
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15504
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10596
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:21132
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7288
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14628
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20956
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9760
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11760
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13908
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19660
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6968
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17748
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8992
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5012
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12280
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17120
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:2952
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5676
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10212
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14548
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20508
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14368
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19808
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9372
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20124
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12776
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17676
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5176
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6904
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:12824
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17512
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19820
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12264
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17128
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6684
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12808
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17440
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:20092
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16500
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2620
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:3548
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6556
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:11572
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:16092
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8652
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20076
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11624
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16128
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17668
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8672
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:18616
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11708
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16184
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:1092
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6544
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11876
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15512
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8436
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:19088
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11396
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15552
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6424
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11928
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16420
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:19016
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:11644
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:16120
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4108
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:4212
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:6168
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:10996
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:15328
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:8036
        
        C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        7⤵
        
        PID:18188
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15116
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:5732
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15180
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7296
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:14680
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20756
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:9460
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:2056
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:13220
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17724
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4232
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6108
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15224
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15668
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7804
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:18416
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10852
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15216
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5416
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:7812
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:18624
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11020
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15288
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7092
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14360
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:1812
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9140
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:3216
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12492
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17260
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2492
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1592
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6160
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10740
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15232
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8072
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17692
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15928
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8744
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:20168
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12348
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17228
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6240
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17756
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9344
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:1412
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12556
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:1736
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:1440
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6024
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11052
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14748
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10408
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:20836
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:14828
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:21004
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5320
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6996
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12164
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17844
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9228
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:20156
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12456
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17304
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6864
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17708
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:8984
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:20100
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:10356
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17236
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1848
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4144
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4120
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:6096
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:10748
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:15240
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:17700
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11076
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15584
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5772
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:8752
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:19916
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:12012
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16676
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7480
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:15560
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10000
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11908
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:14060
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:19848
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:4504
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:6104
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:2040
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8028
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15020
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5424
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8572
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:18524
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11556
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:16084
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:7164
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:17740
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:20140
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:12792
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17432
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1404
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5276
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:10400
      - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        6⤵
        
        PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:14812
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:20984
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:16220
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4788
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5504
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:8144
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:18180
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11376
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15896
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6332
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:13716
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:18736
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:9380
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:12036
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:12784
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17504
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:2356
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:7820
    - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
        5⤵
        
        PID:17044
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:10844
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:15196
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6608
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:14352
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:5744
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:9352
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:11844
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:12848
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17416
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:5168
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:6916
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:4820
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:18064
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:8968
  - - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
      "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
      4⤵
      PID:20116
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:12272
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17136
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:6600
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:13268
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:17716
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:8696
- - C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
    "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
    3⤵
    PID:19124
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:12240
- C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe
  "C:\Users\Admin\AppData\Local\Temp\349983b7e0e6c22ac0affc900bc89e10N.exe"
  2⤵
  PID:17096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\brasilian fetish fucking [free] cock (Kathrin,Sylvia).avi.exe

Filesize
706KB

MD5
8f18d4fef206bab3330d9927731991ba

SHA1
a378046e9df19b04b6be4635e7ae14f810b74c5c

SHA256
9c631826535ddf7b6e7e816c87df7b04554e89111911d244fb10863c22903790

SHA512
2007ef5d354e06f32499abee344cd3724bd578b43a416447d5afe8167859c3415a3e58b40c3a762050edb54cc3f3f0a645d4996fe836df157bc794953341a287

Download Submit
memory/1404-187-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1592-194-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2492-188-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2620-191-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2952-193-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3548-196-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3636-189-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4072-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4120-195-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4144-190-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4428-185-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4760-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4768-39-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4916-192-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5212-197-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5276-211-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5320-198-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5356-199-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5476-200-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5484-201-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5504-202-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5668-204-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5688-203-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5772-205-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5888-206-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5976-207-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6012-208-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6024-209-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6096-212-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6104-213-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6108-210-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6152-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6160-214-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6168-215-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6180-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6240-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6292-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6300-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6332-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6384-220-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6404-221-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6416-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6424-219-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6544-222-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6592-223-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6600-224-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6684-225-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6700-226-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6772-227-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6904-228-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6916-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6924-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6968-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6996-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7072-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7164-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7288-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7480-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7524-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7552-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7584-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7592-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7812-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7820-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7840-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8036-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8100-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8144-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8408-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8416-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8436-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8516-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8572-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8672-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8688-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8696-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8984-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8992-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9140-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9228-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9324-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9344-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9372-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9380-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9388-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9416-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9460-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9760-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10000-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10152-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10164-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10212-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10260-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10388-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10400-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10408-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download