0cc1b89cd73051f7558eddd14286cd14df21c7d99399d3510f47dbab577e1b12

Analysis

max time kernel
14s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 14:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d3d672fc152fa2b90b6535ed342bdc00N.exe
Size

788KB
MD5

d3d672fc152fa2b90b6535ed342bdc00
SHA1

0c0f6e6bcf5beeb0f932d175835f2bb1c6c781b9
SHA256

0cc1b89cd73051f7558eddd14286cd14df21c7d99399d3510f47dbab577e1b12
SHA512

bed6b42a17534ef5e533d7c80b9b00a83e760bc700debe3b5d18570a3ecf5c8767086d08e0df9ab2465c245ef392579b91017a750f492c7246447c3f9c6cc686
SSDEEP

12288:A//vi9B8bjA4X3hhls6HIfyKyFji4PIh9htLW4+SnO6ZFfMYTOkvcOFhSs5z7:2wmc4XRhfoqNi33LwmpK8Fj5/

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 20 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2636447293-1148739154-93880854-1000\Control Panel\International\Geo\Nation	d3d672fc152fa2b90b6535ed342bdc00N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	d3d672fc152fa2b90b6535ed342bdc00N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\X:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\B:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\N:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\Q:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\W:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\K:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\L:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\T:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\V:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\A:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\E:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\G:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\I:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\U:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\Y:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\O:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\P:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\R:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\S:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\H:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\J:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\M:	d3d672fc152fa2b90b6535ed342bdc00N.exe
File opened (read-only)	\??\Z:	d3d672fc152fa2b90b6535ed342bdc00N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\System32\LogFiles\Fax\Incoming\indian trambling beastiality hot (!) balls .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\beastiality sperm licking girly .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\german cum porn sleeping bedroom .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\swedish xxx nude several models (Christine).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\System32\DriverStore\Temp\lingerie horse hidden ash castration .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian fucking [free] boobs bedroom (Melissa).rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\FxsTmp\brasilian blowjob cumshot big sweet .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\canadian beast hidden cock .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\russian beast sperm licking feet .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\nude masturbation sm .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\trambling licking penetration .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\italian lingerie horse big 40+ .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe

Drops file in Program Files directory 18 IoCs

description	ioc	Process
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\cum beast hot (!) (Janette).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\german action hardcore full movie ejaculation (Karin,Anniston).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\canadian cum horse catfight boobs .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\french handjob xxx hot (!) bondage (Samantha,Sonja).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\british animal sleeping .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Google\Update\Download\black beast lesbian ash young .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\russian porn action [milf] nipples (Sylvia).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\dotnet\shared\american hardcore beastiality sleeping vagina .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\british horse voyeur .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\norwegian horse lesbian feet (Sylvia,Jenna).mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\danish fetish several models legs .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Microsoft\Temp\black sperm sleeping .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\action cum girls .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Common Files\microsoft shared\beast hardcore [bangbus] .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\malaysia hardcore [bangbus] latex (Sonja,Sonja).rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast porn public shower .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\danish fetish horse sleeping nipples .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Program Files (x86)\Google\Temp\black lingerie bukkake several models (Liz).zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\cumshot lingerie big black hairunshaved .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\danish animal fucking several models titts beautyfull .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.1_none_5d54c0aac5c3c12c\brasilian horse trambling lesbian black hairunshaved (Christine).zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\black horse lesbian vagina bondage .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\assembly\tmp\japanese animal hot (!) .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\Downloads\german hardcore masturbation shower .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\japanese trambling lesbian pregnant (Karin).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\lesbian sperm lesbian shoes .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.1202_none_621728fcd3c9d5f6\japanese fetish beast full movie .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\lingerie full movie circumcision (Christine,Curtney).rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\french cum girls bedroom .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\bukkake hardcore [free] boobs ash .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\african cumshot hidden YEâPSè& .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\french horse beast girls boobs .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\blowjob lingerie [free] wifey .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\Downloaded Program Files\horse hot (!) titts ejaculation .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\gang bang lesbian black hairunshaved (Jenna).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\cumshot girls nipples mature (Sandy,Kathrin).mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..s-ime-eashared-ihds_31bf3856ad364e35_10.0.19041.1_none_e8996b7d3512363f\beast lingerie several models vagina bedroom .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\american blowjob uncut ejaculation .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1_none_19d22204a1f3fcaf\french porn hardcore sleeping bedroom .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\horse voyeur nipples sweet .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_c3d467c525734eb3\american beast xxx public .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\nude beastiality [milf] glans wifey .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\beastiality bukkake masturbation ash femdom (Sylvia).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5fdc43acc1be690d\brasilian bukkake voyeur cock (Christine).rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\norwegian gay beastiality hidden .mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\african hardcore hidden titts ash .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\security\templates\black xxx bukkake uncut .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\indian action [free] .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.1_none_833abdc06c68d338\danish gang bang [milf] .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\nude cumshot public young .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\porn public titts fishy (Jade).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\tyrkish horse public .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.1_none_0bc0f3d4cd7dc8fd\gay gay girls 50+ .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\swedish porn horse licking .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_it-it_4c5922428a6f2d08\african handjob lesbian nipples .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\asian action horse uncut nipples girly .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Local\Temp\american trambling catfight nipples YEâPSè& (Jenna).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\porn action big blondie (Janette,Kathrin).zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\lesbian action full movie .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost_31bf3856ad364e35_10.0.19041.264_none_cb389cf57d74d691\italian porn voyeur bedroom .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\animal kicking public blondie (Gina).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\lingerie xxx public balls (Ashley).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\russian cumshot hardcore sleeping bedroom .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\PLA\Templates\fucking beast several models glans ash .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\russian horse action catfight leather .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\japanese beast trambling lesbian beautyfull .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_es-es_bf79b5fcc06b3128\swedish horse lingerie [free] mistress .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\gay [milf] glans mistress .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\russian sperm fetish public hole (Kathrin).mpeg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\CbsTemp\indian fetish beast public .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\cumshot [milf] vagina balls .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\russian beast big nipples ash .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\malaysia bukkake sperm catfight bedroom (Jenna,Sarah).mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\indian cumshot [milf] lady .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\italian nude big cock .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1288_none_ca3007304990b2ea\japanese fucking cumshot voyeur traffic (Curtney,Tatjana).zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\lingerie [milf] (Liz).avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\InputMethod\SHARED\malaysia horse trambling catfight bondage (Gina,Melissa).zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\cum several models .avi.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.1_none_a80cea873b2a6772\asian beast handjob voyeur stockings .mpg.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\lingerie girls black hairunshaved .rar.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.867_none_c29826784f9429f8\action action [free] feet shower .zip.exe	d3d672fc152fa2b90b6535ed342bdc00N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
5100	d3d672fc152fa2b90b6535ed342bdc00N.exe
5100	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
3600	d3d672fc152fa2b90b6535ed342bdc00N.exe
3600	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3948	d3d672fc152fa2b90b6535ed342bdc00N.exe
3948	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
4352	d3d672fc152fa2b90b6535ed342bdc00N.exe
4352	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
704	d3d672fc152fa2b90b6535ed342bdc00N.exe
704	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
4508	d3d672fc152fa2b90b6535ed342bdc00N.exe
4628	d3d672fc152fa2b90b6535ed342bdc00N.exe
4628	d3d672fc152fa2b90b6535ed342bdc00N.exe
2984	d3d672fc152fa2b90b6535ed342bdc00N.exe
2984	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3264	d3d672fc152fa2b90b6535ed342bdc00N.exe
3820	d3d672fc152fa2b90b6535ed342bdc00N.exe
3820	d3d672fc152fa2b90b6535ed342bdc00N.exe
5100	d3d672fc152fa2b90b6535ed342bdc00N.exe
5100	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
4516	d3d672fc152fa2b90b6535ed342bdc00N.exe
3124	d3d672fc152fa2b90b6535ed342bdc00N.exe
3124	d3d672fc152fa2b90b6535ed342bdc00N.exe
4160	d3d672fc152fa2b90b6535ed342bdc00N.exe
4160	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
3600	d3d672fc152fa2b90b6535ed342bdc00N.exe
3592	d3d672fc152fa2b90b6535ed342bdc00N.exe
3600	d3d672fc152fa2b90b6535ed342bdc00N.exe
2484	d3d672fc152fa2b90b6535ed342bdc00N.exe
2484	d3d672fc152fa2b90b6535ed342bdc00N.exe
3948	d3d672fc152fa2b90b6535ed342bdc00N.exe
3948	d3d672fc152fa2b90b6535ed342bdc00N.exe
2212	d3d672fc152fa2b90b6535ed342bdc00N.exe
2212	d3d672fc152fa2b90b6535ed342bdc00N.exe
4352	d3d672fc152fa2b90b6535ed342bdc00N.exe
4352	d3d672fc152fa2b90b6535ed342bdc00N.exe
3352	d3d672fc152fa2b90b6535ed342bdc00N.exe
3352	d3d672fc152fa2b90b6535ed342bdc00N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3264 wrote to memory of 4508	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	87
PID 3264 wrote to memory of 4508	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	87
PID 3264 wrote to memory of 4508	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	87
PID 4508 wrote to memory of 4516	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	88
PID 4508 wrote to memory of 4516	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	88
PID 4508 wrote to memory of 4516	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	88
PID 3264 wrote to memory of 3592	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	89
PID 3264 wrote to memory of 3592	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	89
PID 3264 wrote to memory of 3592	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	89
PID 4508 wrote to memory of 5100	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	94
PID 4508 wrote to memory of 5100	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	94
PID 4508 wrote to memory of 5100	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	94
PID 3264 wrote to memory of 3600	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	95
PID 3264 wrote to memory of 3600	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	95
PID 3264 wrote to memory of 3600	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	95
PID 4516 wrote to memory of 3948	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	96
PID 4516 wrote to memory of 3948	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	96
PID 4516 wrote to memory of 3948	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	96
PID 3592 wrote to memory of 4352	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	97
PID 3592 wrote to memory of 4352	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	97
PID 3592 wrote to memory of 4352	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	97
PID 4508 wrote to memory of 704	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	98
PID 4508 wrote to memory of 704	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	98
PID 4508 wrote to memory of 704	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	98
PID 3264 wrote to memory of 4628	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	100
PID 3264 wrote to memory of 4628	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	100
PID 3264 wrote to memory of 4628	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	100
PID 5100 wrote to memory of 2984	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	101
PID 5100 wrote to memory of 2984	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	101
PID 5100 wrote to memory of 2984	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	101
PID 4516 wrote to memory of 3820	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	102
PID 4516 wrote to memory of 3820	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	102
PID 4516 wrote to memory of 3820	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	102
PID 3600 wrote to memory of 3124	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	103
PID 3600 wrote to memory of 3124	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	103
PID 3600 wrote to memory of 3124	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	103
PID 3592 wrote to memory of 4160	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	104
PID 3592 wrote to memory of 4160	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	104
PID 3592 wrote to memory of 4160	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	104
PID 3948 wrote to memory of 2484	3948	d3d672fc152fa2b90b6535ed342bdc00N.exe	105
PID 3948 wrote to memory of 2484	3948	d3d672fc152fa2b90b6535ed342bdc00N.exe	105
PID 3948 wrote to memory of 2484	3948	d3d672fc152fa2b90b6535ed342bdc00N.exe	105
PID 4352 wrote to memory of 2212	4352	d3d672fc152fa2b90b6535ed342bdc00N.exe	106
PID 4352 wrote to memory of 2212	4352	d3d672fc152fa2b90b6535ed342bdc00N.exe	106
PID 4352 wrote to memory of 2212	4352	d3d672fc152fa2b90b6535ed342bdc00N.exe	106
PID 704 wrote to memory of 3352	704	d3d672fc152fa2b90b6535ed342bdc00N.exe	107
PID 704 wrote to memory of 3352	704	d3d672fc152fa2b90b6535ed342bdc00N.exe	107
PID 704 wrote to memory of 3352	704	d3d672fc152fa2b90b6535ed342bdc00N.exe	107
PID 4508 wrote to memory of 1572	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	108
PID 4508 wrote to memory of 1572	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	108
PID 4508 wrote to memory of 1572	4508	d3d672fc152fa2b90b6535ed342bdc00N.exe	108
PID 3264 wrote to memory of 1996	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	109
PID 3264 wrote to memory of 1996	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	109
PID 3264 wrote to memory of 1996	3264	d3d672fc152fa2b90b6535ed342bdc00N.exe	109
PID 4516 wrote to memory of 980	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	110
PID 4516 wrote to memory of 980	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	110
PID 4516 wrote to memory of 980	4516	d3d672fc152fa2b90b6535ed342bdc00N.exe	110
PID 5100 wrote to memory of 452	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	111
PID 5100 wrote to memory of 452	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	111
PID 5100 wrote to memory of 452	5100	d3d672fc152fa2b90b6535ed342bdc00N.exe	111
PID 3600 wrote to memory of 4768	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	112
PID 3600 wrote to memory of 4768	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	112
PID 3600 wrote to memory of 4768	3600	d3d672fc152fa2b90b6535ed342bdc00N.exe	112
PID 3592 wrote to memory of 2948	3592	d3d672fc152fa2b90b6535ed342bdc00N.exe	113

C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
"C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4508
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:3948
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:2484
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:6436
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        8⤵
        
        PID:11476
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        8⤵
        
        PID:17236
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:8332
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        8⤵
        
        PID:16784
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:11428
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:17228
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:5700
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:9068
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:12892
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:17164
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:6100
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:10716
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:14692
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:17084
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:7944
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:11584
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10732
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:14972
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17004
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:688
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:6792
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:13452
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:17148
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:8812
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:15240
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:12460
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17364
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5432
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:9308
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:15256
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13004
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:3016
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10252
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:14396
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:4740
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8196
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17140
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11284
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4372
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3820
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:2996
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:6976
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:13308
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:17156
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:8844
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:15124
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:12616
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:4348
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5476
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:9224
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:9240
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:12932
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:2728
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4520
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:11452
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17196
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8092
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17396
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11324
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:2360
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      PID:980
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5660
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:9084
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:9272
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3500
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6132
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10196
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13972
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:400
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3952
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7848
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17324
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10472
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14816
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16948
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5228
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:9568
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:11384
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:13924
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3616
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16484
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6148
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10188
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:13964
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:1048
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7952
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16240
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10740
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15060
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16972
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:5100
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2984
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4412
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:6952
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:116
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:8932
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:16852
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:12564
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:2596
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5648
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:7652
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:14328
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:3036
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10120
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13988
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:1060
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6124
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10244
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:14252
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:1968
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7892
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17372
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10692
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17052
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:452
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6268
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10224
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13996
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8152
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17380
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11316
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16492
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5260
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:9316
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:16520
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:12872
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16468
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6156
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10700
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14864
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17020
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:8160
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:1848
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11252
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:3276
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:704
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:3352
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5220
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:9324
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:11228
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6164
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:11436
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17212
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7928
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17184
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10856
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16996
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:4992
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8916
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:15188
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:12676
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16880
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6180
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11468
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16896
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:8128
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11424
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10820
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:2628
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    PID:1572
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7864
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17316
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10500
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14572
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17060
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:1032
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10208
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:13980
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:2096
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:8064
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16452
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10964
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15068
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16980
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:3684
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7908
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17356
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10636
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14468
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17076
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:6172
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10608
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14708
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17044
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:8452
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:852
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:11496
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:16888
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3592
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4352
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:2212
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4060
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:7088
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:13444
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:4120
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:9484
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:15216
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13788
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:16920
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:5692
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:7832
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:11180
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:14716
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17028
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6084
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10128
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13948
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:16872
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7712
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:4864
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7016
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14120
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4116
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:4332
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6968
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:13292
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8836
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:15220
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:12624
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16456
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5600
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:7900
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:11168
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10724
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:14908
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16936
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6116
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10180
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:13956
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:2788
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7936
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:784
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10784
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15036
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16964
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:4160
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:2192
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6276
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:11856
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17292
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8136
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17404
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10888
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:4524
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:9096
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3940
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:12904
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:16472
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6108
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11484
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17252
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7840
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17300
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10460
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14580
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16904
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:2948
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11920
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17332
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:8828
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:10944
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:12632
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:1824
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:5400
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7772
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17268
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10388
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14404
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17068
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:6076
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11444
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11896
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:7884
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7148
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:10404
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:14480
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:17092
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3600
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3124
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:2768
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:6260
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:10212
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:14056
        
        C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        7⤵
        
        PID:13732
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:3860
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:8144
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:17308
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:2956
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:5712
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:9076
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:15152
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:12648
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17172
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6092
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11388
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17220
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7720
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:1176
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7660
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14204
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17132
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:4768
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:11504
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17260
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:8676
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:1748
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11900
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17348
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:5384
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7796
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17340
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10396
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17100
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:4780
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11756
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17276
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:8636
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15224
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:11684
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:17284
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:2432
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7108
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        6⤵
        
        PID:736
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:1796
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:9492
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:15296
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:13488
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:2356
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:5516
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7920
    - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
        5⤵
        
        PID:17388
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:11308
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:3220
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:6140
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10708
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15044
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16912
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:7856
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17204
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:10684
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:15076
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:17012
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  - Checks computer location settings
  PID:1996
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:5408
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:9532
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:13852
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:7248
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:1564
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:10748
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:16988
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:4956
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:17180
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:11368
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:448
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:5276
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:7784
  - - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
      "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
      4⤵
      PID:4404
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:10492
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:14588
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:16956
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:11460
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:17244
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:7876
- - C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
    "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
    3⤵
    PID:14536
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:10600
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:14700
- C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe
  "C:\Users\Admin\AppData\Local\Temp\d3d672fc152fa2b90b6535ed342bdc00N.exe"
  2⤵
  PID:17036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\beast porn public shower .avi.exe

Filesize
2.0MB

MD5
3372619b656a4e2713e97f150f6c3328

SHA1
6177fa95af99f10dd787f6ece8a85be58abb9b35

SHA256
b859234cc1dac92c98e4b5d4c1fb8a56de67a20bcfa46a2055b3457589c011b9

SHA512
79b956f8d5ed4059cd6fce04e91e32dc5abf7f9c7a7da178131c7e22d1b560f54fc464eba6bcbc92df1a98bed5590dc31f597500ded744d642c59ba32c67e087

Download Submit