e655c8c61a403dd0eed96a6b1a7efe5705393fec6e7ae498799c8c68c88a685e

Analysis

max time kernel
119s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
11-09-2024 20:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

56d0c983a914902fb6a47bd70fd6a260N.exe
Size

1.2MB
MD5

56d0c983a914902fb6a47bd70fd6a260
SHA1

8d46fcb3c3c6461bfa83355d81cae10ac3356421
SHA256

e655c8c61a403dd0eed96a6b1a7efe5705393fec6e7ae498799c8c68c88a685e
SHA512

1e4e931022afbad49e24743870d019a4398192489aed08a31d6d655f291588d02fabfc331a39447c9d89eaf3238e49d886be0196cf6b9247281eedd07fc7a5a9
SSDEEP

24576:QAHnh+eWsN3skA4RV1Hom2KXcmtcajS3SKDvVXH62dxbT5:Hh+ZkldoPKsacajSC6Xd

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\benting.vbs	benting.exe

Executes dropped EXE 64 IoCs

pid	Process
1856	benting.exe
3000	benting.exe
2744	benting.exe
2796	benting.exe
2808	benting.exe
2508	benting.exe
2552	benting.exe
1140	benting.exe
316	benting.exe
2344	benting.exe
1892	benting.exe
2416	benting.exe
2728	benting.exe
1392	benting.exe
336	benting.exe
1276	benting.exe
1644	benting.exe
1588	benting.exe
608	benting.exe
2424	benting.exe
352	benting.exe
1636	benting.exe
2976	benting.exe
2064	benting.exe
1856	benting.exe
2056	benting.exe
2664	benting.exe
2624	benting.exe
2672	benting.exe
2560	benting.exe
2228	benting.exe
1852	benting.exe
1352	benting.exe
2456	benting.exe
1256	benting.exe
1036	benting.exe
2824	benting.exe
2736	benting.exe
2012	benting.exe
1696	benting.exe
2352	benting.exe
1672	benting.exe
328	benting.exe
1644	benting.exe
1456	benting.exe
812	benting.exe
1980	benting.exe
2180	benting.exe
2364	benting.exe
2848	benting.exe
1264	benting.exe
3020	benting.exe
3000	benting.exe
2700	benting.exe
2696	benting.exe
2784	benting.exe
2524	benting.exe
2528	benting.exe
1336	benting.exe
1744	benting.exe
1300	benting.exe
1432	benting.exe
1736	benting.exe
2256	benting.exe

Loads dropped DLL 1 IoCs

pid	Process
1960	56d0c983a914902fb6a47bd70fd6a260N.exe

AutoIT Executable 21 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/1960-0-0x00000000002B0000-0x00000000003F5000-memory.dmp	autoit_exe
behavioral1/files/0x000700000001922c-13.dat	autoit_exe
behavioral1/memory/1856-17-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/3000-33-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2744-47-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2796-61-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2552-103-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2344-145-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1892-159-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1392-201-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/336-215-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1276-229-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/608-271-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2424-285-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/352-299-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1636-311-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2624-377-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2672-388-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/2560-399-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1852-421-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe
behavioral1/memory/1980-586-0x0000000000AE0000-0x0000000000C25000-memory.dmp	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	benting.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 1856	1960	56d0c983a914902fb6a47bd70fd6a260N.exe	30
PID 1960 wrote to memory of 1856	1960	56d0c983a914902fb6a47bd70fd6a260N.exe	30
PID 1960 wrote to memory of 1856	1960	56d0c983a914902fb6a47bd70fd6a260N.exe	30
PID 1960 wrote to memory of 1856	1960	56d0c983a914902fb6a47bd70fd6a260N.exe	30
PID 1856 wrote to memory of 3000	1856	benting.exe	31
PID 1856 wrote to memory of 3000	1856	benting.exe	31
PID 1856 wrote to memory of 3000	1856	benting.exe	31
PID 1856 wrote to memory of 3000	1856	benting.exe	31
PID 3000 wrote to memory of 2744	3000	benting.exe	32
PID 3000 wrote to memory of 2744	3000	benting.exe	32
PID 3000 wrote to memory of 2744	3000	benting.exe	32
PID 3000 wrote to memory of 2744	3000	benting.exe	32
PID 2744 wrote to memory of 2796	2744	benting.exe	33
PID 2744 wrote to memory of 2796	2744	benting.exe	33
PID 2744 wrote to memory of 2796	2744	benting.exe	33
PID 2744 wrote to memory of 2796	2744	benting.exe	33
PID 2796 wrote to memory of 2808	2796	benting.exe	34
PID 2796 wrote to memory of 2808	2796	benting.exe	34
PID 2796 wrote to memory of 2808	2796	benting.exe	34
PID 2796 wrote to memory of 2808	2796	benting.exe	34
PID 2808 wrote to memory of 2508	2808	benting.exe	35
PID 2808 wrote to memory of 2508	2808	benting.exe	35
PID 2808 wrote to memory of 2508	2808	benting.exe	35
PID 2808 wrote to memory of 2508	2808	benting.exe	35
PID 2508 wrote to memory of 2552	2508	benting.exe	36
PID 2508 wrote to memory of 2552	2508	benting.exe	36
PID 2508 wrote to memory of 2552	2508	benting.exe	36
PID 2508 wrote to memory of 2552	2508	benting.exe	36
PID 2552 wrote to memory of 1140	2552	benting.exe	37
PID 2552 wrote to memory of 1140	2552	benting.exe	37
PID 2552 wrote to memory of 1140	2552	benting.exe	37
PID 2552 wrote to memory of 1140	2552	benting.exe	37
PID 1140 wrote to memory of 316	1140	benting.exe	38
PID 1140 wrote to memory of 316	1140	benting.exe	38
PID 1140 wrote to memory of 316	1140	benting.exe	38
PID 1140 wrote to memory of 316	1140	benting.exe	38
PID 316 wrote to memory of 2344	316	benting.exe	40
PID 316 wrote to memory of 2344	316	benting.exe	40
PID 316 wrote to memory of 2344	316	benting.exe	40
PID 316 wrote to memory of 2344	316	benting.exe	40
PID 2344 wrote to memory of 1892	2344	benting.exe	41
PID 2344 wrote to memory of 1892	2344	benting.exe	41
PID 2344 wrote to memory of 1892	2344	benting.exe	41
PID 2344 wrote to memory of 1892	2344	benting.exe	41
PID 1892 wrote to memory of 2416	1892	benting.exe	42
PID 1892 wrote to memory of 2416	1892	benting.exe	42
PID 1892 wrote to memory of 2416	1892	benting.exe	42
PID 1892 wrote to memory of 2416	1892	benting.exe	42
PID 2416 wrote to memory of 2728	2416	benting.exe	43
PID 2416 wrote to memory of 2728	2416	benting.exe	43
PID 2416 wrote to memory of 2728	2416	benting.exe	43
PID 2416 wrote to memory of 2728	2416	benting.exe	43
PID 2728 wrote to memory of 1392	2728	benting.exe	44
PID 2728 wrote to memory of 1392	2728	benting.exe	44
PID 2728 wrote to memory of 1392	2728	benting.exe	44
PID 2728 wrote to memory of 1392	2728	benting.exe	44
PID 1392 wrote to memory of 336	1392	benting.exe	45
PID 1392 wrote to memory of 336	1392	benting.exe	45
PID 1392 wrote to memory of 336	1392	benting.exe	45
PID 1392 wrote to memory of 336	1392	benting.exe	45
PID 336 wrote to memory of 1276	336	benting.exe	46
PID 336 wrote to memory of 1276	336	benting.exe	46
PID 336 wrote to memory of 1276	336	benting.exe	46
PID 336 wrote to memory of 1276	336	benting.exe	46

C:\Users\Admin\AppData\Local\Temp\56d0c983a914902fb6a47bd70fd6a260N.exe
"C:\Users\Admin\AppData\Local\Temp\56d0c983a914902fb6a47bd70fd6a260N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
  "C:\Users\Admin\AppData\Local\Temp\56d0c983a914902fb6a47bd70fd6a260N.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1856
- - C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
    "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
      "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2744
    - - C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2796
      - C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:316
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:2728
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:336
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        17⤵
        Executes dropped EXE
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        19⤵
        Executes dropped EXE
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        20⤵
        Executes dropped EXE
        
        PID:608
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:352
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        23⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1856
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        27⤵
        Executes dropped EXE
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        28⤵
        Executes dropped EXE
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        29⤵
        Executes dropped EXE
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        31⤵
        Executes dropped EXE
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        32⤵
        Executes dropped EXE
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        34⤵
        Executes dropped EXE
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        35⤵
        Executes dropped EXE
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        36⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        37⤵
        Executes dropped EXE
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        38⤵
        Executes dropped EXE
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        39⤵
        Executes dropped EXE
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        40⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        41⤵
        Executes dropped EXE
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        42⤵
        Executes dropped EXE
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        43⤵
        Executes dropped EXE
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        46⤵
        Executes dropped EXE
        
        PID:1456
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:812
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        49⤵
        Executes dropped EXE
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        50⤵
        Executes dropped EXE
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        51⤵
        Executes dropped EXE
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        52⤵
        Executes dropped EXE
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        54⤵
        Executes dropped EXE
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        56⤵
        Executes dropped EXE
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        60⤵
        Executes dropped EXE
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        63⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        64⤵
        Executes dropped EXE
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        65⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        66⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        67⤵
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        68⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        69⤵
        
        PID:2044
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        70⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:868
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        73⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        74⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1988
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        76⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        79⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        81⤵
        System Location Discovery: System Language Discovery
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        82⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        83⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        84⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        86⤵
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        87⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        88⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        90⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        92⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        94⤵
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        95⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        96⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        97⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        99⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        101⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        102⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        105⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        106⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        107⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        108⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        110⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        111⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        112⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        115⤵
        
        PID:276
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        116⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        119⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        120⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        122⤵
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        123⤵
        
        PID:2020
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        124⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        126⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        127⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        130⤵
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        131⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        132⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        133⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        135⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        136⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        137⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        138⤵
        
        PID:1836
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        139⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        140⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        143⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        144⤵
        
        PID:2472
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        145⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        146⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        147⤵
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        148⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        149⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        150⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        152⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        153⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        156⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        157⤵
        
        PID:604
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        158⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        159⤵
        
        PID:1276
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        160⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        161⤵
        
        PID:1444
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        162⤵
        
        PID:796
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        164⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        165⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        166⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        167⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        168⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        171⤵
        
        PID:984
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        173⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        174⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        175⤵
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        177⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe
        
        "C:\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe"
        178⤵
        
        PID:2456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autB339.tmp

Filesize
425KB

MD5
1dce0a54a882f98e0ca75b60f86cca0a

SHA1
7643c94c58aacc4ab4c25f6df4cad4dea3162e92

SHA256
9b262473539a6e7017cb1bb9883e70b71395318b5fa4eb512199b15a3c9c56a7

SHA512
10131d92050130ef2219d6754099742a81e4d3ced60f20d24d43120b26f41caa2f0f9e1b73b0a4740a45c91f9e6005402794d7e8e7b77eaf9c816f4d95c748d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\autB368.tmp

Filesize
9KB

MD5
a716315190a52c2f6b2320481afb2c3d

SHA1
65a5b39f396adbfe935a04a03c36de49a3419176

SHA256
8c75a94f086c6b81b5c319edff5dd62ff8e8ba07d440676b552ac3051ad24a9e

SHA512
cb2166de8aaca95d3f00baa872beddf07de7045d67b69abf515535fb5b2eaffdfbc9a662a291cd033dd544bfffa65ec375f61d2d9df59bd0b7c3824cd4ff362a

Download Submit
C:\Users\Admin\AppData\Local\Temp\savager

Filesize
482KB

MD5
83774efdf39c8d5c3f15057665acea11

SHA1
0f03ee694baa8144e4c0eca715a22d718cdb41df

SHA256
3d883f57be91217631420299b45d3fb892f521bc76d4da4354ab194646c4256c

SHA512
583fc5eafe3886054bbee2d462a18693e2d29cbac3d830922e0631bef757d1d6c00425262b3466292779d3806f1c41711d297df81a0e2f1d48d69cb9f731e3a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\syphilous

Filesize
29KB

MD5
7a91016af63268db84ed7dd43644664f

SHA1
a33732e73a3e532dff76aed5aa2ef499b7ece1a2

SHA256
3653ab75d26e909e863ff48e2fbdaa01ba1835a0245483a3a5f4d373063e4b97

SHA512
b2a0ca61f77ab4f35e7fd75d8191aa21dbbe5a1bd20b5aa2b79b600dcae3f174222f3b1a485fe30cf739eb3c419e29278f68d5cdaf6cbf883dd3f05c58523b62

Download Submit
\Users\Admin\AppData\Local\hepatoduodenostomy\benting.exe

Filesize
1.2MB

MD5
56d0c983a914902fb6a47bd70fd6a260

SHA1
8d46fcb3c3c6461bfa83355d81cae10ac3356421

SHA256
e655c8c61a403dd0eed96a6b1a7efe5705393fec6e7ae498799c8c68c88a685e

SHA512
1e4e931022afbad49e24743870d019a4398192489aed08a31d6d655f291588d02fabfc331a39447c9d89eaf3238e49d886be0196cf6b9247281eedd07fc7a5a9

Download Submit
memory/336-215-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/352-299-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/608-271-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1276-229-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1392-201-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1636-311-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1852-421-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1856-17-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1892-159-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/1960-0-0x00000000002B0000-0x00000000003F5000-memory.dmp

Filesize
1.3MB

Download
memory/1960-11-0x00000000001D0000-0x00000000001D4000-memory.dmp

Filesize
16KB

Download
memory/1980-586-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2344-145-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2424-285-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2552-103-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2560-399-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2624-377-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2672-388-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2744-47-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/2796-61-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download
memory/3000-33-0x0000000000AE0000-0x0000000000C25000-memory.dmp

Filesize
1.3MB

Download