89b514620806c60990e755fdedcfb4343a740eabe940ee2519fcd6f2dd5492ed

Analysis

max time kernel
97s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 20:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

06edd2ca69da2d38c37a2582141f51f0N.exe
Size

1.9MB
MD5

06edd2ca69da2d38c37a2582141f51f0
SHA1

352387d1d597886f2dbd1216d80ffa855edf9fbe
SHA256

89b514620806c60990e755fdedcfb4343a740eabe940ee2519fcd6f2dd5492ed
SHA512

8203d31450f936278a6df103ac2bbeaed28bc07bd048956b48dc97ea54db86c239817775264a800ad70cb8b20c5d01496f291662c573774582fb34b3d5e90e14
SSDEEP

49152:C/QqNrHozb6mjYCXlOEiYf5WfXGzhggb6Cna:nOIzb1YGpiYf5y0yo69

Score

7^/10

persistence spyware stealer

Malware Config

Signatures

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3419463127-3903270268-2580331543-1000\Control Panel\International\Geo\Nation	06edd2ca69da2d38c37a2582141f51f0N.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\mssrv32 = "C:\\Windows\\mssrv.exe"	06edd2ca69da2d38c37a2582141f51f0N.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\H:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\I:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\Q:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\W:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\X:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\G:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\M:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\N:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\P:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\R:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\V:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\Y:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\S:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\T:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\A:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\B:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\E:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\J:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\K:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\O:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\U:	06edd2ca69da2d38c37a2582141f51f0N.exe
File opened (read-only)	\??\Z:	06edd2ca69da2d38c37a2582141f51f0N.exe

Drops file in System32 directory 12 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\config\systemprofile\beast [milf] .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\french horse [bangbus] glans .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\blowjob full movie penetration .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\System32\LogFiles\Fax\Incoming\brasilian action bukkake big hole .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\IME\SHARED\japanese animal blowjob several models feet ¼ë .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\french blowjob catfight glans hairy .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\hardcore several models ejaculation .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\System32\DriverStore\Temp\american beastiality fucking girls hole mistress (Sarah).mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\PSDesiredStateConfiguration\WebDownloadManager\xxx girls (Sylvia).zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\SmbShare\black nude hardcore hot (!) young .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\config\systemprofile\blowjob [bangbus] lady .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SysWOW64\FxsTmp\blowjob [free] shower .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\WebResources\Resource0\static\js\plugins\unified-share\swedish kicking sperm sleeping hole hotel (Curtney).mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Common Files\Microsoft Shared\tyrkish gang bang xxx [milf] (Tatjana).rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX86\Microsoft SQL Server\130\Shared\italian kicking lingerie catfight femdom .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude xxx [milf] hole beautyfull .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\lesbian girls swallow .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft SQL Server\130\Shared\black porn bukkake masturbation hotel .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\WindowsApps\Microsoft.WindowsMaps_5.1906.1972.0_x64__8wekyb3d8bbwe\Assets\Images\PrintAndShare\brasilian cum lesbian [bangbus] .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\root\Templates\indian kicking hardcore hidden black hairunshaved .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\IDTemplates\animal blowjob several models feet gorgeoushorny .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Google\Temp\danish animal sperm [milf] gorgeoushorny .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\Download\hardcore catfight .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Common Files\microsoft shared\fucking several models titts hairy .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Microsoft Office\Updates\Download\italian fetish beast hot (!) titts pregnant (Sarah).zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\Windows Sidebar\Shared Gadgets\swedish animal xxx licking hole shower (Liz).avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Google\Update\Download\indian handjob xxx full movie titts .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files (x86)\Windows Sidebar\Shared Gadgets\japanese cumshot lesbian [free] hole .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Program Files\dotnet\shared\swedish beastiality bukkake several models .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor.Resources\japanese handjob sperm big .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-kjshared_31bf3856ad364e35_10.0.19041.746_none_1bbb9ab9fc52bac9\beastiality horse masturbation feet upskirt .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ime-eashared-imepad_31bf3856ad364e35_10.0.19041.1_none_f07d4fae3e8e883f\norwegian fucking masturbation cock hairy .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.746_none_2212358fc33cc10f\chinese sperm hidden blondie .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.1_none_2fe79eae2833b9b1\beastiality lingerie lesbian cock blondie (Sylvia).rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-eashared-coretip_31bf3856ad364e35_10.0.19041.844_none_57eddd48e7a74274\chinese gay girls feet hairy .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-devdispitemprovider_31bf3856ad364e35_10.0.19041.1_none_9aa486d790131d4e\xxx uncut YEâPSè& .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.153_none_e23c926e32d07dc1\british lingerie uncut .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Temp\fucking [bangbus] .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\Downloads\russian horse lingerie girls lady (Britney,Janette).avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SystemApps\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\webapps\inclusiveOobe\view\templates\danish horse trambling uncut feet blondie (Sarah).mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-candidateui_31bf3856ad364e35_10.0.19041.746_none_ab42fb092bda9182\asian gay hidden glans .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\security\templates\gay several models high heels (Gina,Tatjana).mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Templates\american kicking hardcore girls .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..me-jkshared-roaming_31bf3856ad364e35_10.0.19041.1_none_fa09f84703cb02c5\german beast big glans hairy .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_it-it_adfc5e0bfca53431\tyrkish beastiality beast lesbian (Sylvia).mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_es-es_30d7585a049f5b52\french gay [free] .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..e-eashared-moimeexe_31bf3856ad364e35_10.0.19041.746_none_d01527cffa9c25bc\danish cum trambling voyeur blondie (Jenna,Janette).rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_ee7ea14f7d8a3ee3\trambling [free] 40+ .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\assembly\temp\danish beastiality gay [milf] glans .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.GroupPolicy.AdmTmplEditor\danish animal lesbian catfight titts .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\SharedFileCache\lesbian full movie glans .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SystemResources\Windows.UI.ShellCommon\SharePickerUI\fucking [milf] .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\assembly\NativeImages_v4.0.30319_32\Temp\lesbian masturbation balls .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-ime-eashared-proxy_31bf3856ad364e35_10.0.19041.1_none_4c786ae2f508e6d5\asian lesbian uncut femdom .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_en-us_bfae5918c0443f83\action hardcore [milf] bedroom .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.1_none_a7ad1894592cfa12\italian cumshot horse hidden titts .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\mssrv.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\russian fetish gay big .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\Downloaded Program Files\sperm [free] latex .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.867_en-us_49453482f1fb5356\cumshot blowjob voyeur feet Ôï (Janette).avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-manager-shared_31bf3856ad364e35_10.0.19041.1266_none_7916f7558927ae23\brasilian horse blowjob masturbation titts penetration .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..ore-shareexperience_31bf3856ad364e35_10.0.19041.1_none_f42978969c79336a\tyrkish cum blowjob [bangbus] titts .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\PLA\Templates\danish handjob horse big wifey .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Templates\lesbian hot (!) sweet .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_en-us_215194e2327a46ac\german beast public .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_en-us_310bfb76047869ad\japanese horse bukkake voyeur hole (Jenna,Liz).avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_ja-jp_5021dd18efc0460c\malaysia sperm lesbian (Jade).mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..se-shared-datafiles_31bf3856ad364e35_10.0.19041.1_none_2f5f00d280dce9f6\beastiality bukkake full movie mature .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-h..public-utils-shared_31bf3856ad364e35_10.0.19041.1202_none_d8a1416ab7cccdcf\gay uncut glans penetration .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\CbsTemp\sperm full movie glans .zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor.Resources\american cumshot lingerie sleeping upskirt .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_de-de_7860bee9439c3ae7\danish animal sperm full movie .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..ce-shared.resources_31bf3856ad364e35_10.0.19041.1_es-es_211cf1c632a13851\animal horse catfight titts .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-composable-sharepicker_31bf3856ad364e35_10.0.19041.1_none_c87e96327faffd0e\gay voyeur sm .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_uk-ua_5b152a8d329397ec\chinese beast licking .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-b..-bcdtemplate-client_31bf3856ad364e35_10.0.19041.1_none_de1581e9a275faf8\blowjob hot (!) glans .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1151_none_fbdc4c5f677dc2ec\animal sperm licking feet .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ashared-filemanager_31bf3856ad364e35_10.0.19041.844_none_855aff45853749ef\black gang bang gay [free] Ôï (Jenna,Curtney).zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..ces-ime-eashared-lm_31bf3856ad364e35_10.0.19041.1_none_3d0229d17c310f10\british lingerie licking .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-hvsi-service-shared_31bf3856ad364e35_10.0.19041.1_none_3cfd44d351b1a8ab\brasilian horse lingerie full movie ejaculation .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-i..nearshareexperience_31bf3856ad364e35_10.0.19041.1_none_0b596e2a33be7d4c\canadian beast [milf] young .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SoftwareDistribution\Download\fucking [milf] young .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\SystemResources\Windows.ShellCommon.SharedResources\indian gang bang horse hot (!) (Tatjana).avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_hyperv-compute-cont..utionservice-shared_31bf3856ad364e35_10.0.19041.928_none_33e0d5558cdd7c61\indian nude blowjob girls hairy .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-a..gement-uevtemplates_31bf3856ad364e35_10.0.19041.1_none_0d66b54875835a49\brasilian porn blowjob several models boots .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..n-admtmpl.resources_31bf3856ad364e35_10.0.19041.1_de-de_16bd831fd16633be\hardcore girls (Karin).mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-g..olicy-admin-admtmpl_31bf3856ad364e35_10.0.19041.572_none_cf90e12518baac85\danish cumshot lesbian big feet .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.GroupPolicy.AdmTmplEditor\italian beastiality bukkake public feet sm .rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_de-de_881b257d159a5de8\danish nude xxx [free] 40+ .mpg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_fr-fr_d38ece58f77171b4\kicking hardcore several models .avi.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-windows-d..-eashared-imebroker_31bf3856ad364e35_10.0.19041.84_none_81616275259e37fe\cum sperm catfight (Liz).rar.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.1_it-it_bdb6c49fcea35732\porn horse uncut .mpeg.exe	06edd2ca69da2d38c37a2582141f51f0N.exe
File created	C:\Windows\WinSxS\amd64_microsoft-onecore-sharehost.resources_31bf3856ad364e35_10.0.19041.789_en-us_58ebf9ecc407e3c0\cumshot lesbian girls (Curtney).zip.exe	06edd2ca69da2d38c37a2582141f51f0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
3500	06edd2ca69da2d38c37a2582141f51f0N.exe
3500	06edd2ca69da2d38c37a2582141f51f0N.exe
4844	06edd2ca69da2d38c37a2582141f51f0N.exe
4844	06edd2ca69da2d38c37a2582141f51f0N.exe
4904	06edd2ca69da2d38c37a2582141f51f0N.exe
4904	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
3056	06edd2ca69da2d38c37a2582141f51f0N.exe
3056	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
1592	06edd2ca69da2d38c37a2582141f51f0N.exe
1592	06edd2ca69da2d38c37a2582141f51f0N.exe
4656	06edd2ca69da2d38c37a2582141f51f0N.exe
4656	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
2088	06edd2ca69da2d38c37a2582141f51f0N.exe
4460	06edd2ca69da2d38c37a2582141f51f0N.exe
4312	06edd2ca69da2d38c37a2582141f51f0N.exe
4312	06edd2ca69da2d38c37a2582141f51f0N.exe
3788	06edd2ca69da2d38c37a2582141f51f0N.exe
3788	06edd2ca69da2d38c37a2582141f51f0N.exe
3328	06edd2ca69da2d38c37a2582141f51f0N.exe
3328	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
4764	06edd2ca69da2d38c37a2582141f51f0N.exe
3500	06edd2ca69da2d38c37a2582141f51f0N.exe
3500	06edd2ca69da2d38c37a2582141f51f0N.exe
4592	06edd2ca69da2d38c37a2582141f51f0N.exe
4592	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
3668	06edd2ca69da2d38c37a2582141f51f0N.exe
4668	06edd2ca69da2d38c37a2582141f51f0N.exe
4668	06edd2ca69da2d38c37a2582141f51f0N.exe
3056	06edd2ca69da2d38c37a2582141f51f0N.exe
4844	06edd2ca69da2d38c37a2582141f51f0N.exe
3056	06edd2ca69da2d38c37a2582141f51f0N.exe
4844	06edd2ca69da2d38c37a2582141f51f0N.exe
116	06edd2ca69da2d38c37a2582141f51f0N.exe
116	06edd2ca69da2d38c37a2582141f51f0N.exe
4904	06edd2ca69da2d38c37a2582141f51f0N.exe
4904	06edd2ca69da2d38c37a2582141f51f0N.exe
3660	06edd2ca69da2d38c37a2582141f51f0N.exe
3660	06edd2ca69da2d38c37a2582141f51f0N.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4764 wrote to memory of 4460	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	87
PID 4764 wrote to memory of 4460	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	87
PID 4764 wrote to memory of 4460	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	87
PID 4460 wrote to memory of 2088	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	90
PID 4460 wrote to memory of 2088	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	90
PID 4460 wrote to memory of 2088	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	90
PID 4764 wrote to memory of 3668	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	91
PID 4764 wrote to memory of 3668	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	91
PID 4764 wrote to memory of 3668	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	91
PID 4460 wrote to memory of 3500	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	94
PID 4460 wrote to memory of 3500	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	94
PID 4460 wrote to memory of 3500	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	94
PID 2088 wrote to memory of 4844	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	95
PID 2088 wrote to memory of 4844	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	95
PID 2088 wrote to memory of 4844	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	95
PID 4764 wrote to memory of 4904	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	96
PID 4764 wrote to memory of 4904	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	96
PID 4764 wrote to memory of 4904	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	96
PID 3668 wrote to memory of 3056	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	97
PID 3668 wrote to memory of 3056	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	97
PID 3668 wrote to memory of 3056	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	97
PID 4460 wrote to memory of 1592	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	99
PID 4460 wrote to memory of 1592	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	99
PID 4460 wrote to memory of 1592	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	99
PID 2088 wrote to memory of 4656	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	100
PID 2088 wrote to memory of 4656	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	100
PID 2088 wrote to memory of 4656	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	100
PID 3500 wrote to memory of 4312	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	101
PID 3500 wrote to memory of 4312	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	101
PID 3500 wrote to memory of 4312	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	101
PID 4764 wrote to memory of 3328	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	102
PID 4764 wrote to memory of 3328	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	102
PID 4764 wrote to memory of 3328	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	102
PID 3668 wrote to memory of 3788	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	103
PID 3668 wrote to memory of 3788	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	103
PID 3668 wrote to memory of 3788	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	103
PID 3056 wrote to memory of 4592	3056	06edd2ca69da2d38c37a2582141f51f0N.exe	104
PID 3056 wrote to memory of 4592	3056	06edd2ca69da2d38c37a2582141f51f0N.exe	104
PID 3056 wrote to memory of 4592	3056	06edd2ca69da2d38c37a2582141f51f0N.exe	104
PID 4844 wrote to memory of 4668	4844	06edd2ca69da2d38c37a2582141f51f0N.exe	105
PID 4844 wrote to memory of 4668	4844	06edd2ca69da2d38c37a2582141f51f0N.exe	105
PID 4844 wrote to memory of 4668	4844	06edd2ca69da2d38c37a2582141f51f0N.exe	105
PID 4904 wrote to memory of 116	4904	06edd2ca69da2d38c37a2582141f51f0N.exe	106
PID 4904 wrote to memory of 116	4904	06edd2ca69da2d38c37a2582141f51f0N.exe	106
PID 4904 wrote to memory of 116	4904	06edd2ca69da2d38c37a2582141f51f0N.exe	106
PID 2088 wrote to memory of 1532	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	107
PID 2088 wrote to memory of 1532	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	107
PID 2088 wrote to memory of 1532	2088	06edd2ca69da2d38c37a2582141f51f0N.exe	107
PID 4460 wrote to memory of 3660	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	108
PID 4460 wrote to memory of 3660	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	108
PID 4460 wrote to memory of 3660	4460	06edd2ca69da2d38c37a2582141f51f0N.exe	108
PID 4656 wrote to memory of 1216	4656	06edd2ca69da2d38c37a2582141f51f0N.exe	109
PID 4656 wrote to memory of 1216	4656	06edd2ca69da2d38c37a2582141f51f0N.exe	109
PID 4656 wrote to memory of 1216	4656	06edd2ca69da2d38c37a2582141f51f0N.exe	109
PID 1592 wrote to memory of 5012	1592	06edd2ca69da2d38c37a2582141f51f0N.exe	110
PID 1592 wrote to memory of 5012	1592	06edd2ca69da2d38c37a2582141f51f0N.exe	110
PID 1592 wrote to memory of 5012	1592	06edd2ca69da2d38c37a2582141f51f0N.exe	110
PID 4764 wrote to memory of 2524	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	111
PID 4764 wrote to memory of 2524	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	111
PID 4764 wrote to memory of 2524	4764	06edd2ca69da2d38c37a2582141f51f0N.exe	111
PID 3500 wrote to memory of 5024	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	112
PID 3500 wrote to memory of 5024	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	112
PID 3500 wrote to memory of 5024	3500	06edd2ca69da2d38c37a2582141f51f0N.exe	112
PID 3668 wrote to memory of 4428	3668	06edd2ca69da2d38c37a2582141f51f0N.exe	113

C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
"C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4764
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4460
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2088
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4844
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        Checks computer location settings
        Suspicious behavior: EnumeratesProcesses
        
        PID:4668
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:5160
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:6248
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:10988
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:14004
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:5156
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7756
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:14316
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:10584
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13716
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:5456
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:5244
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:6568
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:12284
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:14652
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:8576
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:14556
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:11644
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:11048
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14192
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:5176
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6712
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:12056
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14492
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:12684
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:8716
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14484
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11724
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14444
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9608
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3064
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6280
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:9744
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:15060
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:12532
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13056
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7248
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7764
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14120
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:4836
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10968
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13904
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13412
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5284
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7920
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14292
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:4672
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10920
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13852
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9184
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6736
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12424
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14736
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8776
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14476
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12744
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11732
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14404
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8520
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of WriteProcessMemory
      PID:4656
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6012
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:9980
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        8⤵
        
        PID:7956
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7088
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7384
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13388
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9972
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7988
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13116
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7200
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5332
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:8636
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14468
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7644
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11024
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14248
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:3764
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6760
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:2252
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7104
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8816
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14768
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12328
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14700
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:1532
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6468
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10928
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13872
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:5880
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7888
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14332
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10836
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13860
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6028
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5348
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8600
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14184
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6528
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11376
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14324
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6556
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6892
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12984
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6480
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8860
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14628
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11944
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14428
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:9740
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3500
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4312
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:4940
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6088
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:10076
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13296
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:6972
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7428
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13960
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:8488
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9904
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:20856
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13192
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6816
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5276
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7932
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14160
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:5996
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10996
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13700
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11744
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6940
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13144
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6632
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8800
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14592
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7452
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12096
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14668
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5024
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6308
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10976
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13912
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11708
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7776
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14088
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10616
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13596
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12720
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5308
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8592
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14240
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11568
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11040
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14168
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6628
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6752
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:9136
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7068
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8784
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14532
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6120
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11896
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14436
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:1592
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5012
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6212
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10420
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13624
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:540
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7620
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13968
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:4016
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10412
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6400
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13484
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11664
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5324
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6728
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12048
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14500
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8740
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14508
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12708
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11768
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14420
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5356
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6976
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12780
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14744
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12000
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8808
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14564
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5476
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12064
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14584
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5628
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3660
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5148
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:9988
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7664
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13252
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6900
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7376
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14100
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:9896
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3224
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13236
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6820
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:5340
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8584
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14684
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:2652
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11032
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14200
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6784
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13364
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:868
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8792
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14548
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5508
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:12748
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:14708
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:12676
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3668
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      Checks computer location settings
      Suspicious behavior: EnumeratesProcesses
      PID:4592
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3932
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6204
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:10380
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13516
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7636
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14140
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:13376
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10388
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:6336
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13500
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:2904
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5260
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7692
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:14256
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:11656
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:10404
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13476
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12044
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6792
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13352
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:960
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:9280
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14752
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:5524
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13084
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:4516
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:4932
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6272
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9996
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:7896
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13280
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6852
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7748
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14080
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:11720
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10608
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13608
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3228
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5292
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8228
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14452
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10956
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13928
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11848
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7268
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13324
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7368
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:9364
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14776
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5632
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12864
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7316
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:3788
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:1088
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6100
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9912
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13264
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6800
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7628
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14044
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10396
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:7724
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13688
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13072
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5268
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6636
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12192
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14724
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9668
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:8700
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14224
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:5672
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11128
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14232
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:1912
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6880
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12756
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14716
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:12024
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8984
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14540
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5592
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12416
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14692
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12188
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:4428
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6072
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:9768
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:4156
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13100
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7148
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7420
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13568
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6048
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:9888
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:15028
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13180
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6680
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:5300
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8628
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:1064
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11056
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14264
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:10668
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6744
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13456
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12808
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8836
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14620
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:12276
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:14644
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:7024
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4904
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    - Checks computer location settings
    - Suspicious behavior: EnumeratesProcesses
    PID:116
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:1168
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6152
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:9796
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:15036
        
        C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        7⤵
        
        PID:3172
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13108
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6504
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7496
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:13936
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10196
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13304
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7132
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5252
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7800
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:14460
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:12016
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10592
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13616
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3508
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6704
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:4028
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14660
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:6000
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:8724
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14344
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12028
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14576
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5372
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:4188
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6384
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11244
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14284
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:11540
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7784
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14072
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:10600
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13836
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12908
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:5228
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7412
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13560
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5680
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:10004
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:15044
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5664
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13288
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5040
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6720
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13032
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:3960
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8732
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14300
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5492
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:11748
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:14412
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8364
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  - Checks computer location settings
  - Suspicious behavior: EnumeratesProcesses
  PID:3328
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:2476
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6220
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:10012
      - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        6⤵
        
        PID:6320
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13272
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7216
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7740
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:14216
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:3796
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:10428
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13552
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:5236
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7292
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:13424
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5392
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:9572
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:15052
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12952
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6436
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6768
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:12940
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:6404
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:9252
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14760
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:5676
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:12812
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8096
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:2524
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:10068
    - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
        
        "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
        5⤵
        
        PID:7976
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:13316
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:7112
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:7792
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14308
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11344
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:10624
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:13920
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:11392
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:5316
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:8688
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:14524
  - - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
      "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
      4⤵
      PID:11076
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:11756
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:14516
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:7480
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:6948
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:13244
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:6432
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:8828
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:14676
- - C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
    "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
    3⤵
    PID:1348
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:12252
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:14636
- C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe
  "C:\Users\Admin\AppData\Local\Temp\06edd2ca69da2d38c37a2582141f51f0N.exe"
  2⤵
  PID:13028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\russian nude xxx [milf] hole beautyfull .mpg.exe

Filesize
1.2MB

MD5
3a5905d7573dd8b11deb7fe095b5b252

SHA1
b4b802c4762b7f9e4f9f3bfa9d0098ded3dc3af6

SHA256
25daf5162b24655cc6328d6ee3a521e8a7817a6f376ba5c3555144b34e2a9cf8

SHA512
32aa78ca2bceeb589c264eeb6698f050009a683d9c4f1fa7ae7ba3b8a78a67722d6bc93fe723f219ad0794269b073514633a1923d97b140003e27a6411461d54

Download Submit