632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3

Analysis

max time kernel
108s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 17:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f303074b9e3f955524c3b47d7eb0bb70N.exe
Size

920KB
MD5

f303074b9e3f955524c3b47d7eb0bb70
SHA1

9ded5078c914a3d617237d3c7178aed75b16af04
SHA256

632a93c0aa21835c559c8ab3f37235cec56af61719cbb37e115ecd822bcfdbb3
SHA512

290601268fddc17d0706a1774db08d959e997634fd18bc06e4175854dd0a268b662a5b5b31d7633e3d3fb695bbcefb204aec35bf9fa02ad55b15f1ce609d6ed1
SSDEEP

24576:2wORH9uFgGf2w6qOkZOrHKhKq0pvhljvilP5cz:h6uFFf26dAk0pvhlvilPyz

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 23 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1176886754-713327781-2233697964-1000\Control Panel\International\Geo\Nation	f303074b9e3f955524c3b47d7eb0bb70N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	f303074b9e3f955524c3b47d7eb0bb70N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\N:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\O:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\P:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Y:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\I:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\K:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\L:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Q:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\W:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\R:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\S:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\T:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\E:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\G:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\H:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\J:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\M:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\U:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\V:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\Z:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\A:	f303074b9e3f955524c3b47d7eb0bb70N.exe
File opened (read-only)	\??\X:	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\spanish sperm fucking uncut girly .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\canadian fetish xxx public (Ashley,Ashley).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\spanish lesbian voyeur vagina (Sonja).rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish handjob blowjob big ash hairy (Samantha,Sylvia).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\british blowjob [bangbus] redhair .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\sperm uncut .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german gay public shoes .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\System32\DriverStore\Temp\swedish fucking licking .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\xxx action full movie wifey .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\FxsTmp\swedish lingerie [milf] legs wifey .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\horse fetish lesbian YEâPSè& (Ashley).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\cum trambling [milf] nipples YEâPSè& (Sylvia).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\Templates\bukkake kicking public redhair .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian handjob sleeping legs .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\russian trambling licking glans beautyfull (Sonja).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\dotnet\shared\asian sperm porn several models shower .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude [milf] boots .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\cum hardcore catfight nipples boots .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\british bukkake girls 40+ .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Google\Update\Download\porn fetish big feet hotel .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\animal action uncut .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\british horse hot (!) (Sonja).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\indian trambling girls gorgeoushorny (Sonja,Curtney).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\black xxx beastiality public feet lady .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files (x86)\Google\Temp\black nude hidden ash hairy .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Common Files\microsoft shared\italian lingerie gay full movie ash femdom .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\canadian nude [milf] .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\blowjob hidden nipples bedroom (Sonja,Sylvia).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish beastiality beast full movie femdom .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\fetish girls hole high heels .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\sperm lingerie several models femdom (Sonja).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_e79b400a6df5fd2c\canadian animal xxx big shower .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_64\Temp\chinese handjob lesbian .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\CbsTemp\russian hardcore horse masturbation shower .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\PLA\Templates\indian beastiality licking gorgeoushorny (Sarah).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.906_none_ef0e010d1381269b\japanese blowjob [free] fishy .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\tmp\canadian porn animal masturbation feet .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\american trambling public mistress (Gina).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\swedish animal bukkake lesbian glans mature (Curtney).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\japanese hardcore blowjob uncut sweet .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\gang bang big .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_62312bfbb33d478a\trambling [milf] ash YEâPSè& .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\german blowjob masturbation latex .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\cumshot uncut swallow .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\indian sperm xxx uncut high heels .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\german beast action several models .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Downloaded Program Files\gang bang action sleeping hole granny .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\brasilian trambling blowjob hidden hole granny (Sandy).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\assembly\temp\swedish blowjob girls .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\brasilian nude uncut bedroom .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\italian cumshot animal [milf] femdom (Anniston,Sandy).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.964_none_1c1a193f5bfcf136\malaysia xxx lingerie uncut cock .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\asian beastiality hidden titts upskirt .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\african cum full movie granny (Sonja).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\german handjob kicking lesbian 50+ (Tatjana,Britney).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\fetish hardcore public cock .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-m..ineshared.resources_31bf3856ad364e35_10.0.19041.1_en-us_99ddc8ce8d3d6dac\asian kicking action [bangbus] gorgeoushorny (Sarah,Jenna).zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\animal horse hidden .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\horse full movie .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\french beastiality masturbation .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\japanese fucking hardcore voyeur .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.844_none_67b5915b5651dd8a\asian bukkake fucking voyeur cock .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\handjob hidden .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\chinese lingerie animal public stockings (Sandy,Sarah).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\japanese fetish licking boobs shoes (Anniston).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_10.0.19041.1_none_c6da8048542fddc7\italian gang bang horse licking cock fishy .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-mccs-engineshared_31bf3856ad364e35_10.0.19041.746_none_d404daff82e97769\horse full movie circumcision .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_89c0bf1761110f07\spanish beast porn voyeur glans stockings (Christine,Christine).mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\danish sperm lesbian cock gorgeoushorny .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\bukkake several models bondage .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-nfs-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_fd7349c396c417ae\japanese animal porn full movie .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\InputMethod\SHARED\indian blowjob full movie hole shoes .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\xxx beastiality several models .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\lingerie kicking [bangbus] penetration (Jenna,Sylvia).rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\beastiality trambling hidden (Sandy,Gina).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\japanese gay catfight .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\japanese gang bang [milf] .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\mssrv.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\security\templates\french bukkake uncut traffic .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\action uncut Ôï .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\brasilian lingerie xxx girls blondie .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\canadian fetish cumshot voyeur .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\black handjob [free] feet (Kathrin).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SoftwareDistribution\Download\porn handjob hidden .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\swedish trambling lingerie uncut (Liz).avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\french trambling [bangbus] .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-ime-eashared-ccshared_31bf3856ad364e35_10.0.19041.1_none_8c0b126c198fcf70\sperm porn uncut vagina .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\blowjob fucking voyeur traffic .mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\beastiality handjob sleeping (Sylvia,Liz).mpg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.1_none_f3b35d713ce0fc7f\asian beast public black hairunshaved .rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\norwegian beastiality hidden feet 50+ (Ashley).rar.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\asian sperm horse masturbation vagina .mpeg.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\fetish action voyeur cock swallow .zip.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\bukkake hardcore voyeur .avi.exe	f303074b9e3f955524c3b47d7eb0bb70N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
444	f303074b9e3f955524c3b47d7eb0bb70N.exe
444	f303074b9e3f955524c3b47d7eb0bb70N.exe
2956	f303074b9e3f955524c3b47d7eb0bb70N.exe
2956	f303074b9e3f955524c3b47d7eb0bb70N.exe
4464	f303074b9e3f955524c3b47d7eb0bb70N.exe
4464	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
3856	f303074b9e3f955524c3b47d7eb0bb70N.exe
3856	f303074b9e3f955524c3b47d7eb0bb70N.exe
4596	f303074b9e3f955524c3b47d7eb0bb70N.exe
4596	f303074b9e3f955524c3b47d7eb0bb70N.exe
4428	f303074b9e3f955524c3b47d7eb0bb70N.exe
4428	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
2308	f303074b9e3f955524c3b47d7eb0bb70N.exe
2308	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
2444	f303074b9e3f955524c3b47d7eb0bb70N.exe
4468	f303074b9e3f955524c3b47d7eb0bb70N.exe
4468	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
2756	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
3024	f303074b9e3f955524c3b47d7eb0bb70N.exe
4608	f303074b9e3f955524c3b47d7eb0bb70N.exe
3024	f303074b9e3f955524c3b47d7eb0bb70N.exe
3384	f303074b9e3f955524c3b47d7eb0bb70N.exe
3384	f303074b9e3f955524c3b47d7eb0bb70N.exe
444	f303074b9e3f955524c3b47d7eb0bb70N.exe
444	f303074b9e3f955524c3b47d7eb0bb70N.exe
4464	f303074b9e3f955524c3b47d7eb0bb70N.exe
4464	f303074b9e3f955524c3b47d7eb0bb70N.exe
4908	f303074b9e3f955524c3b47d7eb0bb70N.exe
4908	f303074b9e3f955524c3b47d7eb0bb70N.exe
2956	f303074b9e3f955524c3b47d7eb0bb70N.exe
2956	f303074b9e3f955524c3b47d7eb0bb70N.exe
4324	f303074b9e3f955524c3b47d7eb0bb70N.exe
4324	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
3128	f303074b9e3f955524c3b47d7eb0bb70N.exe
4672	f303074b9e3f955524c3b47d7eb0bb70N.exe
4672	f303074b9e3f955524c3b47d7eb0bb70N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3128 wrote to memory of 2444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	87
PID 3128 wrote to memory of 2444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	87
PID 3128 wrote to memory of 2444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	87
PID 2444 wrote to memory of 4608	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	92
PID 2444 wrote to memory of 4608	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	92
PID 2444 wrote to memory of 4608	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	92
PID 3128 wrote to memory of 2756	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	93
PID 3128 wrote to memory of 2756	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	93
PID 3128 wrote to memory of 2756	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	93
PID 3128 wrote to memory of 444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	94
PID 3128 wrote to memory of 444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	94
PID 3128 wrote to memory of 444	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	94
PID 2444 wrote to memory of 4464	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	95
PID 2444 wrote to memory of 4464	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	95
PID 2444 wrote to memory of 4464	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	95
PID 4608 wrote to memory of 2956	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	96
PID 4608 wrote to memory of 2956	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	96
PID 4608 wrote to memory of 2956	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	96
PID 2756 wrote to memory of 2828	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	97
PID 2756 wrote to memory of 2828	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	97
PID 2756 wrote to memory of 2828	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	97
PID 3128 wrote to memory of 3856	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	99
PID 3128 wrote to memory of 3856	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	99
PID 3128 wrote to memory of 3856	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	99
PID 2444 wrote to memory of 4428	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	100
PID 2444 wrote to memory of 4428	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	100
PID 2444 wrote to memory of 4428	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	100
PID 2756 wrote to memory of 4596	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	101
PID 2756 wrote to memory of 4596	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	101
PID 2756 wrote to memory of 4596	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	101
PID 4608 wrote to memory of 2308	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	102
PID 4608 wrote to memory of 2308	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	102
PID 4608 wrote to memory of 2308	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	102
PID 444 wrote to memory of 4468	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	103
PID 444 wrote to memory of 4468	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	103
PID 444 wrote to memory of 4468	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	103
PID 4464 wrote to memory of 3024	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	104
PID 4464 wrote to memory of 3024	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	104
PID 4464 wrote to memory of 3024	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	104
PID 2956 wrote to memory of 3384	2956	f303074b9e3f955524c3b47d7eb0bb70N.exe	105
PID 2956 wrote to memory of 3384	2956	f303074b9e3f955524c3b47d7eb0bb70N.exe	105
PID 2956 wrote to memory of 3384	2956	f303074b9e3f955524c3b47d7eb0bb70N.exe	105
PID 3128 wrote to memory of 4324	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	108
PID 3128 wrote to memory of 4324	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	108
PID 3128 wrote to memory of 4324	3128	f303074b9e3f955524c3b47d7eb0bb70N.exe	108
PID 2444 wrote to memory of 4672	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	109
PID 2444 wrote to memory of 4672	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	109
PID 2444 wrote to memory of 4672	2444	f303074b9e3f955524c3b47d7eb0bb70N.exe	109
PID 2756 wrote to memory of 3980	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	110
PID 2756 wrote to memory of 3980	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	110
PID 2756 wrote to memory of 3980	2756	f303074b9e3f955524c3b47d7eb0bb70N.exe	110
PID 444 wrote to memory of 4476	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	111
PID 444 wrote to memory of 4476	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	111
PID 444 wrote to memory of 4476	444	f303074b9e3f955524c3b47d7eb0bb70N.exe	111
PID 3856 wrote to memory of 3992	3856	f303074b9e3f955524c3b47d7eb0bb70N.exe	112
PID 3856 wrote to memory of 3992	3856	f303074b9e3f955524c3b47d7eb0bb70N.exe	112
PID 3856 wrote to memory of 3992	3856	f303074b9e3f955524c3b47d7eb0bb70N.exe	112
PID 4464 wrote to memory of 3852	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	113
PID 4464 wrote to memory of 3852	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	113
PID 4464 wrote to memory of 3852	4464	f303074b9e3f955524c3b47d7eb0bb70N.exe	113
PID 4608 wrote to memory of 8	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	114
PID 4608 wrote to memory of 8	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	114
PID 4608 wrote to memory of 8	4608	f303074b9e3f955524c3b47d7eb0bb70N.exe	114
PID 4596 wrote to memory of 940	4596	f303074b9e3f955524c3b47d7eb0bb70N.exe	115

C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
"C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3128
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2444
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4608
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:2956
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:3384
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4436
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:5716
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:9448
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        9⤵
        
        PID:7528
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:12052
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:10516
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:6876
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:7388
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8916
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:12148
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11468
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5560
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:10176
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6780
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8896
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9100
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8780
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12156
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9340
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1460
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5548
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:10644
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:5460
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11908
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7032
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:7128
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:8984
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12060
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9288
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5392
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12252
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6756
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:13808
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8540
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7536
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11868
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2308
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:1692
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5684
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:13320
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6812
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:7260
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8744
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12196
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11660
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5496
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10628
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:7256
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11932
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:14964
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6748
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:13276
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8532
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8376
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11900
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:14932
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      PID:8
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5448
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:4568
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6900
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8900
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12204
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5316
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12244
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5160
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:13284
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7780
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:14856
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10892
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6728
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12372
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7700
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4464
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3024
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4700
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5692
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11892
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7012
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:7152
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8940
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12164
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:856
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5596
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10340
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:9680
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11916
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:15004
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6788
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12884
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8640
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7868
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12180
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9152
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      PID:3852
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5348
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6652
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7124
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8516
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12188
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9276
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12876
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10144
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11940
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:14956
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7484
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10292
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9740
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10264
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11876
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:13820
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:1232
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5540
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12300
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9016
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6868
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9224
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12004
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9524
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5420
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12268
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9188
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6764
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5000
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8548
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:7832
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12172
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9156
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4672
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5152
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12260
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:3816
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5752
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12308
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5468
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7316
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11732
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9636
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10456
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12020
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:14120
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5144
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5744
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9116
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:14924
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12092
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9324
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:7276
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9504
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9440
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:16904
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:12028
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:15028
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2756
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    PID:2828
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4908
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:2880
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:10216
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        8⤵
        
        PID:7996
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:11948
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:4944
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6860
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:13344
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8948
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:2724
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:12108
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9992
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10008
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:14848
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11980
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:14980
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6836
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7132
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8908
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12140
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9356
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4776
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5532
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:3520
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10468
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6804
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10256
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8924
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:8864
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12124
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9416
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5384
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:13296
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6060
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12236
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7668
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9236
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10132
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:7088
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11956
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:14988
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4596
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:940
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:1588
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11832
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6852
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:9632
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8932
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:5328
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12116
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10484
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5376
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12292
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11780
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6772
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8556
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10620
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12076
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:15036
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    PID:3980
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5232
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9588
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5784
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9480
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:14916
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12068
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9240
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:14908
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9732
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11988
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:2468
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5196
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4856
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9412
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5760
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9108
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11496
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12100
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11304
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:7348
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7424
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9620
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7236
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:12412
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:444
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4468
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3944
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5708
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:10320
        
        C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        7⤵
        
        PID:7112
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:11884
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:14948
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6796
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:6732
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9000
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7248
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12132
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9536
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10636
      - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        6⤵
        
        PID:7188
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:11924
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10672
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6844
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6908
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8968
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:5528
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12084
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11488
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    PID:4476
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5340
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4688
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:10720
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6416
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:12228
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9600
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8280
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6928
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11012
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9220
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5188
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:4872
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5768
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12868
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7540
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:7324
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8804
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9644
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:14940
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:12044
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:15020
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3856
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    - Checks computer location settings
    PID:3992
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:5356
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:4904
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:9964
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6740
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:13268
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:8524
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:6884
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12212
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11848
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5212
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12316
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9380
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5776
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10108
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:8824
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11964
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:7332
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:7384
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9684
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:10376
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:12012
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9508
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:1436
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:12276
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11600
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5736
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9792
    - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
        5⤵
        
        PID:7240
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:11996
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:7116
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:6976
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9432
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:3556
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:12036
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:15012
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:2208
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:3332
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:10580
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:5728
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:10116
  - - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
      "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
      4⤵
      PID:9616
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:11972
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:14996
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:7044
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:9060
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:8508
- - C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
    "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
    3⤵
    PID:5412
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:12220
- C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe
  "C:\Users\Admin\AppData\Local\Temp\f303074b9e3f955524c3b47d7eb0bb70N.exe"
  2⤵
  PID:9704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\nude [milf] boots .rar.exe

Filesize
1.1MB

MD5
d481bf14b8ee2300f0d3b2e96f910293

SHA1
37df66cba54436e8be024ed54656c0dc9122821c

SHA256
31b62d919f8a8318d0a289fef366928ffd3ce7e99b84e585a46822f3c19778ce

SHA512
fba39457774b9c170bafad0abf6c469a68e5713b1bcc7576da7ede61a038791e6579eae4abe211710da766b2dc69ec12cd20953d5442303f9620c851f94ddb94

Download Submit
C:\debug.txt

Filesize
146B

MD5
54cd4c83fa8e22037bfdad6821c058df

SHA1
b4ef99d215d11c1975a0bdf6b21480f0658b8682

SHA256
234c3eafd7832f7a196626dc0a5ef123089b6f8f4a8315f694241b5cc21f4654

SHA512
77c06696094ffac9e073b5664ca12bda1af36f334830bd22a76def0cda2607bc8726d889379522bbb5607f10aae9f283d0b33c1e79fd650ddd27098e929e0a22

Download Submit