8647fa02cd74b7c226e70fd0f70b1a609986fc3e4e325388ebbc5dafe5954296

Analysis

max time kernel
15s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 20:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

07341af55df6d04b633e6b1336b03730N.exe
Size

490KB
MD5

07341af55df6d04b633e6b1336b03730
SHA1

e3b77c4bbb11613730706bfe04b1207c36301517
SHA256

8647fa02cd74b7c226e70fd0f70b1a609986fc3e4e325388ebbc5dafe5954296
SHA512

19b7e543c03ecb77562820d8bcb2fc0c270b47f6e54850e79a2278e320abdab20b2af2b8272ff66c466e8a90d5047742bc93ba3b100691f8e903db70b7c7ed6a
SSDEEP

12288:dXCNi9BW7ArNmI0Zeilbpowdym4WWjSC7QvCHPkjh8I:oWRRmpZeIB4oAk18I

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	07341af55df6d04b633e6b1336b03730N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	07341af55df6d04b633e6b1336b03730N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\J:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\L:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\P:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\U:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\Y:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\A:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\M:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\O:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\Q:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\R:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\V:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\W:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\H:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\I:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\E:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\G:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\K:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\N:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\S:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\T:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\X:	07341af55df6d04b633e6b1336b03730N.exe
File opened (read-only)	\??\Z:	07341af55df6d04b633e6b1336b03730N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\FxsTmp\swedish gang bang masturbation titts .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\canadian beastiality horse uncut .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian gang bang lesbian titts .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\lesbian [bangbus] .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\FxsTmp\african handjob licking (Sylvia).rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\african animal action several models pregnant (Melissa,Christine).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\beast xxx voyeur .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\asian cum kicking voyeur .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\british trambling licking .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\canadian gang bang [free] titts high heels .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\brasilian fucking catfight boobs mistress (Liz,Sonja).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\System32\DriverStore\Temp\horse kicking catfight hole .avi.exe	07341af55df6d04b633e6b1336b03730N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black fucking [free] .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german lingerie trambling sleeping vagina .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\indian gay gay public (Ashley,Christine).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\horse nude several models hairy .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Common Files\microsoft shared\african lesbian beast girls .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish gay several models legs penetration .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\spanish gay beast licking femdom (Jenna).rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\nude several models cock .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\swedish animal hardcore hidden boobs latex .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Google\Temp\swedish trambling blowjob sleeping hairy .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\american horse big feet (Samantha,Tatjana).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\dotnet\shared\german beastiality fetish big glans penetration .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian handjob [milf] pregnant .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\british hardcore bukkake several models (Ashley,Karin).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\african gang bang action [free] bondage (Sonja).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\trambling horse [bangbus] .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Google\Update\Download\trambling beastiality lesbian .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\swedish beast sleeping lady .zip.exe	07341af55df6d04b633e6b1336b03730N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.1_none_abfc9db6c377b91f\trambling [free] ejaculation .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\assembly\tmp\japanese cumshot girls feet ash (Jade,Janette).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\kicking hardcore hot (!) glans shoes .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\canadian lingerie voyeur 40+ .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\french kicking [bangbus] bondage .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\spanish sperm uncut glans young .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\norwegian action big ash stockings .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\security\templates\gay blowjob big mistress .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\indian animal girls vagina .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\asian horse several models .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\cumshot porn hot (!) lady .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\french fetish sleeping .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\PLA\Templates\chinese beast [free] (Tatjana,Sarah).mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\black lesbian action full movie hole shoes .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\american blowjob porn lesbian stockings .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\norwegian kicking gang bang public sweet .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\german fetish lesbian boots (Gina,Karin).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\swedish horse [bangbus] .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\kicking nude hot (!) .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\cum catfight ash redhair .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\french nude lesbian masturbation (Samantha).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\sperm big cock .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian nude lesbian several models .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\trambling several models traffic (Gina,Jenna).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\action nude uncut glans boots .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\animal kicking catfight hairy .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\bukkake blowjob girls upskirt .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\malaysia kicking [milf] feet swallow .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\italian animal hidden legs leather (Jenna,Janette).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\animal masturbation femdom .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\mssrv.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\InputMethod\SHARED\french horse gang bang girls .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\russian fucking cumshot big YEâPSè& .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\sperm lingerie sleeping .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\Downloaded Program Files\bukkake full movie .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\chinese sperm [free] nipples .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\tyrkish animal beast girls (Britney,Sarah).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\xxx gang bang licking .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\african fetish cum public titts hairy .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\hardcore big .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\black horse sleeping boobs .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\malaysia horse fetish uncut .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\fetish blowjob sleeping blondie (Sandy).mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\italian kicking masturbation hotel .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\asian lesbian fucking girls Ôï .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\indian gay lesbian hole bondage (Sonja).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\norwegian bukkake lesbian legs shower (Sarah,Christine).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\assembly\temp\cum hot (!) bondage (Sylvia).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\SoftwareDistribution\Download\nude nude several models .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\chinese nude horse big feet .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\blowjob beast hidden .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\spanish kicking hidden femdom .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\chinese blowjob beastiality big .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\handjob public .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\animal [free] .avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\gay [milf] latex (Sylvia).zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\brasilian horse nude licking .rar.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\black gang bang porn licking .mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\nude hot (!) fishy (Ashley).avi.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\beast public .zip.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\horse nude full movie cock Œã .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\gang bang catfight YEâPSè& (Sylvia).mpeg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\norwegian handjob public stockings .mpg.exe	07341af55df6d04b633e6b1336b03730N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\british action big .rar.exe	07341af55df6d04b633e6b1336b03730N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1744	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1316	07341af55df6d04b633e6b1336b03730N.exe
1316	07341af55df6d04b633e6b1336b03730N.exe
3796	07341af55df6d04b633e6b1336b03730N.exe
3796	07341af55df6d04b633e6b1336b03730N.exe
1852	07341af55df6d04b633e6b1336b03730N.exe
1852	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
2120	07341af55df6d04b633e6b1336b03730N.exe
2120	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
3232	07341af55df6d04b633e6b1336b03730N.exe
3232	07341af55df6d04b633e6b1336b03730N.exe
4820	07341af55df6d04b633e6b1336b03730N.exe
4820	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
3360	07341af55df6d04b633e6b1336b03730N.exe
5004	07341af55df6d04b633e6b1336b03730N.exe
5004	07341af55df6d04b633e6b1336b03730N.exe
4248	07341af55df6d04b633e6b1336b03730N.exe
4248	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1744	07341af55df6d04b633e6b1336b03730N.exe
1316	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
3416	07341af55df6d04b633e6b1336b03730N.exe
1316	07341af55df6d04b633e6b1336b03730N.exe
4612	07341af55df6d04b633e6b1336b03730N.exe
4612	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
3664	07341af55df6d04b633e6b1336b03730N.exe
1712	07341af55df6d04b633e6b1336b03730N.exe
1712	07341af55df6d04b633e6b1336b03730N.exe
1512	07341af55df6d04b633e6b1336b03730N.exe
1512	07341af55df6d04b633e6b1336b03730N.exe
3796	07341af55df6d04b633e6b1336b03730N.exe
3796	07341af55df6d04b633e6b1336b03730N.exe
1852	07341af55df6d04b633e6b1336b03730N.exe
1852	07341af55df6d04b633e6b1336b03730N.exe
5020	07341af55df6d04b633e6b1336b03730N.exe
5020	07341af55df6d04b633e6b1336b03730N.exe
2120	07341af55df6d04b633e6b1336b03730N.exe
2120	07341af55df6d04b633e6b1336b03730N.exe
1824	07341af55df6d04b633e6b1336b03730N.exe
1824	07341af55df6d04b633e6b1336b03730N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1744 wrote to memory of 3360	1744	07341af55df6d04b633e6b1336b03730N.exe	87
PID 1744 wrote to memory of 3360	1744	07341af55df6d04b633e6b1336b03730N.exe	87
PID 1744 wrote to memory of 3360	1744	07341af55df6d04b633e6b1336b03730N.exe	87
PID 3360 wrote to memory of 3416	3360	07341af55df6d04b633e6b1336b03730N.exe	88
PID 3360 wrote to memory of 3416	3360	07341af55df6d04b633e6b1336b03730N.exe	88
PID 3360 wrote to memory of 3416	3360	07341af55df6d04b633e6b1336b03730N.exe	88
PID 1744 wrote to memory of 3664	1744	07341af55df6d04b633e6b1336b03730N.exe	89
PID 1744 wrote to memory of 3664	1744	07341af55df6d04b633e6b1336b03730N.exe	89
PID 1744 wrote to memory of 3664	1744	07341af55df6d04b633e6b1336b03730N.exe	89
PID 3360 wrote to memory of 1316	3360	07341af55df6d04b633e6b1336b03730N.exe	90
PID 3360 wrote to memory of 1316	3360	07341af55df6d04b633e6b1336b03730N.exe	90
PID 3360 wrote to memory of 1316	3360	07341af55df6d04b633e6b1336b03730N.exe	90
PID 1744 wrote to memory of 3796	1744	07341af55df6d04b633e6b1336b03730N.exe	91
PID 1744 wrote to memory of 3796	1744	07341af55df6d04b633e6b1336b03730N.exe	91
PID 1744 wrote to memory of 3796	1744	07341af55df6d04b633e6b1336b03730N.exe	91
PID 3416 wrote to memory of 1852	3416	07341af55df6d04b633e6b1336b03730N.exe	92
PID 3416 wrote to memory of 1852	3416	07341af55df6d04b633e6b1336b03730N.exe	92
PID 3416 wrote to memory of 1852	3416	07341af55df6d04b633e6b1336b03730N.exe	92
PID 3664 wrote to memory of 2120	3664	07341af55df6d04b633e6b1336b03730N.exe	93
PID 3664 wrote to memory of 2120	3664	07341af55df6d04b633e6b1336b03730N.exe	93
PID 3664 wrote to memory of 2120	3664	07341af55df6d04b633e6b1336b03730N.exe	93
PID 3360 wrote to memory of 3232	3360	07341af55df6d04b633e6b1336b03730N.exe	94
PID 3360 wrote to memory of 3232	3360	07341af55df6d04b633e6b1336b03730N.exe	94
PID 3360 wrote to memory of 3232	3360	07341af55df6d04b633e6b1336b03730N.exe	94
PID 1744 wrote to memory of 4820	1744	07341af55df6d04b633e6b1336b03730N.exe	95
PID 1744 wrote to memory of 4820	1744	07341af55df6d04b633e6b1336b03730N.exe	95
PID 1744 wrote to memory of 4820	1744	07341af55df6d04b633e6b1336b03730N.exe	95
PID 3416 wrote to memory of 5004	3416	07341af55df6d04b633e6b1336b03730N.exe	96
PID 3416 wrote to memory of 5004	3416	07341af55df6d04b633e6b1336b03730N.exe	96
PID 3416 wrote to memory of 5004	3416	07341af55df6d04b633e6b1336b03730N.exe	96
PID 1316 wrote to memory of 4248	1316	07341af55df6d04b633e6b1336b03730N.exe	97
PID 1316 wrote to memory of 4248	1316	07341af55df6d04b633e6b1336b03730N.exe	97
PID 1316 wrote to memory of 4248	1316	07341af55df6d04b633e6b1336b03730N.exe	97
PID 3664 wrote to memory of 4612	3664	07341af55df6d04b633e6b1336b03730N.exe	98
PID 3664 wrote to memory of 4612	3664	07341af55df6d04b633e6b1336b03730N.exe	98
PID 3664 wrote to memory of 4612	3664	07341af55df6d04b633e6b1336b03730N.exe	98
PID 3796 wrote to memory of 1712	3796	07341af55df6d04b633e6b1336b03730N.exe	99
PID 3796 wrote to memory of 1712	3796	07341af55df6d04b633e6b1336b03730N.exe	99
PID 3796 wrote to memory of 1712	3796	07341af55df6d04b633e6b1336b03730N.exe	99
PID 1852 wrote to memory of 1512	1852	07341af55df6d04b633e6b1336b03730N.exe	100
PID 1852 wrote to memory of 1512	1852	07341af55df6d04b633e6b1336b03730N.exe	100
PID 1852 wrote to memory of 1512	1852	07341af55df6d04b633e6b1336b03730N.exe	100
PID 2120 wrote to memory of 5020	2120	07341af55df6d04b633e6b1336b03730N.exe	101
PID 2120 wrote to memory of 5020	2120	07341af55df6d04b633e6b1336b03730N.exe	101
PID 2120 wrote to memory of 5020	2120	07341af55df6d04b633e6b1336b03730N.exe	101
PID 3360 wrote to memory of 1824	3360	07341af55df6d04b633e6b1336b03730N.exe	102
PID 3360 wrote to memory of 1824	3360	07341af55df6d04b633e6b1336b03730N.exe	102
PID 3360 wrote to memory of 1824	3360	07341af55df6d04b633e6b1336b03730N.exe	102
PID 1744 wrote to memory of 4064	1744	07341af55df6d04b633e6b1336b03730N.exe	103
PID 1744 wrote to memory of 4064	1744	07341af55df6d04b633e6b1336b03730N.exe	103
PID 1744 wrote to memory of 4064	1744	07341af55df6d04b633e6b1336b03730N.exe	103
PID 1316 wrote to memory of 2828	1316	07341af55df6d04b633e6b1336b03730N.exe	104
PID 1316 wrote to memory of 2828	1316	07341af55df6d04b633e6b1336b03730N.exe	104
PID 1316 wrote to memory of 2828	1316	07341af55df6d04b633e6b1336b03730N.exe	104
PID 3416 wrote to memory of 3016	3416	07341af55df6d04b633e6b1336b03730N.exe	105
PID 3416 wrote to memory of 3016	3416	07341af55df6d04b633e6b1336b03730N.exe	105
PID 3416 wrote to memory of 3016	3416	07341af55df6d04b633e6b1336b03730N.exe	105
PID 3232 wrote to memory of 4172	3232	07341af55df6d04b633e6b1336b03730N.exe	106
PID 3232 wrote to memory of 4172	3232	07341af55df6d04b633e6b1336b03730N.exe	106
PID 3232 wrote to memory of 4172	3232	07341af55df6d04b633e6b1336b03730N.exe	106
PID 3664 wrote to memory of 216	3664	07341af55df6d04b633e6b1336b03730N.exe	107
PID 3664 wrote to memory of 216	3664	07341af55df6d04b633e6b1336b03730N.exe	107
PID 3664 wrote to memory of 216	3664	07341af55df6d04b633e6b1336b03730N.exe	107
PID 3796 wrote to memory of 1832	3796	07341af55df6d04b633e6b1336b03730N.exe	108

C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
"C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1744
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3360
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3416
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:1852
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:1512
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:5944
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:9720
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        9⤵
        
        PID:7696
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:13212
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:15052
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:20648
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:7264
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:15396
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:20004
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:9704
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:21548
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19780
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4596
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:8264
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:11368
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:20984
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15312
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19720
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:6220
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:11700
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:21888
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:16768
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:22200
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:8424
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:12212
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20416
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15220
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19488
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:2240
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:6028
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:9544
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:25660
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:12840
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15108
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20012
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7660
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:14936
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19788
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9828
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:756
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19852
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:2520
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:8340
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:11532
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16736
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22444
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:6452
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:11716
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:3460
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16776
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22348
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8548
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7816
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12360
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20672
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15156
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19764
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5004
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:3180
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:5776
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:9292
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        8⤵
        
        PID:25832
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:13100
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15076
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19504
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7080
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:16680
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:22428
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9948
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16712
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22160
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:4028
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7988
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15984
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20508
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:10816
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:644
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20060
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:6236
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:11864
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:14980
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19380
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8508
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12240
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22536
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15212
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19472
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:3016
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5836
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:8492
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:12272
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20424
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15196
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4040
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:7028
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16652
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22136
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9920
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7628
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16720
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22168
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:1276
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8400
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12176
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20884
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15236
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20472
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6228
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11736
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:21512
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16792
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22372
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:25716
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12256
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:4444
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15204
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20448
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1316
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4248
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:2784
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:5924
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:9352
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:13188
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15044
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19268
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7036
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15412
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20432
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9928
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16704
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22176
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:1612
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7768
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15372
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20068
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:10612
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:22404
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:3364
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19736
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:6244
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:11824
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:20908
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16808
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22396
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12368
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20040
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15172
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20456
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:2828
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5844
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9408
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:13228
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15036
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:17824
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:7216
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15544
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20632
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10096
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:12512
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15552
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20640
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:1648
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8128
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16020
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20664
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11092
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:14084
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19876
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6300
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11296
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:21520
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15320
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19696
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8272
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:23444
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15276
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20052
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3232
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:4172
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5880
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9396
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:8060
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:13084
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15084
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19512
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15484
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20484
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10088
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15492
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19752
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:1720
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8100
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16824
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22420
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10996
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:4752
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19728
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6276
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11544
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22544
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16728
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22192
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8416
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12168
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5104
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15244
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19464
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1824
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6064
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9712
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:14480
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:13540
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19244
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7584
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15388
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20372
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10248
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22520
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:14988
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19224
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:4208
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:9344
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:13092
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15092
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19480
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:6268
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:11840
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20960
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:16816
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:22380
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12528
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:12248
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20688
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:14964
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:19196
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3664
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2120
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:3824
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:5932
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:9600
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:13108
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:14944
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19176
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7232
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19796
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:10104
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15452
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:920
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:3984
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:15268
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:19844
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:10532
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:21528
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4564
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19756
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:11832
        
        C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        7⤵
        
        PID:2664
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16800
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22388
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8564
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12376
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4388
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15164
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19340
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:2276
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5768
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:8852
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:12716
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15116
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19276
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:4348
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15436
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10060
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16664
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22340
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:3456
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8120
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:16096
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:5008
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10964
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:1820
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19868
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6724
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:13332
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15060
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:18880
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8848
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11420
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12800
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15100
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19676
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4612
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:2116
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:5888
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9332
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:13148
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19404
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:7208
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15404
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20156
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:10080
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15972
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20612
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:3792
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8288
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11396
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:22804
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:14952
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19184
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6252
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15304
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19704
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8928
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20680
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15124
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19520
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:216
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:5852
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9752
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:3992
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:13384
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15012
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:17460
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7180
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15364
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20044
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10052
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:13452
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:16672
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:22364
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:1660
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7740
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10440
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15348
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19712
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:6600
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20408
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15180
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19496
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:9016
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:12572
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20400
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:15132
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:20164
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3796
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:1712
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:4376
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:6056
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:9484
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:13164
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15028
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:19576
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:7564
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:15380
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20076
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:3116
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20500
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:2960
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8392
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:25652
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:12220
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:2384
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15228
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20440
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:6260
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11560
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:4176
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16752
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22220
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8736
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:12564
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:18272
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:25224
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15140
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:4972
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:1832
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:5760
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:8332
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11552
      - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        6⤵
        
        PID:20032
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16744
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22412
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7116
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16292
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:22184
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:9956
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:21536
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:16688
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:22144
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:1964
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:8196
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:16004
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:21964
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10448
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15340
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19860
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:6292
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:11880
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20940
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15260
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:4732
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:8728
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20176
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:11992
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20900
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:15188
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:4944
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:5080
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:5916
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9360
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:13156
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:14996
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:19396
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:15428
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20492
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10156
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20656
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:14928
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19772
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:3436
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:7552
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:11596
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15356
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19836
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:6360
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:20892
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:16760
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:22436
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:8720
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:12532
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20700
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:15148
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:20464
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:4064
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:5828
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:9312
    - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
        5⤵
        
        PID:9748
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:13172
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:20604
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:7200
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:15420
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:19592
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:22232
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:16696
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:22152
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:3740
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:9320
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:13180
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:15020
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:19284
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:6284
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:11796
  - - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
      "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
      4⤵
      PID:21928
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:16784
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:22356
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:8500
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:25760
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:12048
- - C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
    "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
    3⤵
    PID:20028
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:15252
- C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe
  "C:\Users\Admin\AppData\Local\Temp\07341af55df6d04b633e6b1336b03730N.exe"
  2⤵
  PID:4924

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\black fucking [free] .avi.exe

Filesize
712KB

MD5
22b4b9e5d9e016384b04f7a50fbd0137

SHA1
1e3da95599675d22f575bfb5ad87aed95e80c803

SHA256
6e52174fe31688c42d90fe72d31ac1a25aae25316fb20f2771112db9dd12ea4a

SHA512
ab1c4661311e1de4fae3e317ae6613a5707444e97da62f3f4490627fd4b3253a5ddaa3940c98dee3f7fdf1df17c09bf9ab4435e2293d59f4d9f99c6486a8f525

Download Submit
C:\debug.txt

Filesize
146B

MD5
5bfda25950d4c6040b915a9f3de230df

SHA1
a39a34f533dae9d352e11cca2d4773b4edd0b7b1

SHA256
2c4805c002ac71c990874d846df7f0c3b6443aa3edc280308af6f2128228948d

SHA512
dd2e240c01d59545b0a77960fd4f073621071f11fe223dd20fd70ac987cf3043c4ddcc70b86b5f570d67e5d28b7be46363dd219575781aa07456fbcdd1c9823f

Download Submit
memory/216-239-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1316-216-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1512-232-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1612-247-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1660-249-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1720-251-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1744-0-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1824-233-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1832-237-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1852-217-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/1964-250-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2120-218-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2240-238-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2276-241-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2520-248-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/2784-243-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3016-235-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3180-242-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3416-186-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3436-245-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3740-246-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/3792-244-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4064-234-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4172-236-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4248-230-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/4612-231-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5004-229-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5080-240-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5760-252-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5776-253-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5828-254-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5836-255-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5880-256-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5888-257-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5916-258-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5932-260-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/5944-259-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6056-261-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6064-262-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6212-267-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6252-265-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6260-264-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6276-266-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6292-268-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6300-263-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6360-270-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/6452-269-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7028-271-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7036-272-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7080-273-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7200-274-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7208-275-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7216-276-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7232-277-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7248-278-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7256-279-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7264-280-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7584-281-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7660-282-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7740-287-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/7988-283-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8120-284-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8128-285-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8196-286-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8264-288-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8288-289-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8332-290-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8392-291-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8424-297-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8452-292-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8492-293-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8500-294-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8508-295-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8516-296-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8548-300-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8556-302-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8564-298-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8720-299-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8728-301-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/8928-303-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9016-304-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9292-305-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9312-306-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9344-307-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9352-308-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9360-309-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9396-310-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9484-312-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9544-313-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9600-314-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9712-315-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9720-316-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9920-317-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9928-318-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/9948-319-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download
memory/10052-320-0x0000000000400000-0x000000000042B000-memory.dmp

Filesize
172KB

Download