Malware Analysis Report

2024-11-30 22:22

Sample ID 241121-yk763azpan
Target 6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5
SHA256 6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5
Tags
formbook xloader v4qp discovery loader rat spyware stealer trojan
score
10/10

Analysis Overview

score
10/10

SHA256

6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5

Threat Level: Known bad

The file 6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5 was found to be: Known bad.

Malicious Activity Summary

formbook xloader v4qp discovery loader rat spyware stealer trojan

Xloader

Contains code to disable Windows Defender

Formbook family

Xloader family

Formbook

Xloader payload

Checks computer location settings

Suspicious use of SetThreadContext

Unsigned PE

System Location Discovery: System Language Discovery

Enumerates physical storage devices

Suspicious use of AdjustPrivilegeToken

Suspicious use of WriteProcessMemory

Suspicious behavior: EnumeratesProcesses

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-11-21 19:51

Signatures

Unsigned PE

Description Indicator Process Target
N/A N/A N/A N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-11-21 19:51

Reported

2024-11-21 19:54

Platform

win7-20240903-en

Max time kernel

150s

Max time network

122s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

Signatures

Formbook

trojan spyware stealer formbook

Formbook family

formbook

Xloader

loader xloader

Xloader family

xloader

Xloader payload

rat
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 2032 set thread context of 2384 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2540 set thread context of 1964 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2860 set thread context of 2720 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2880 set thread context of 2756 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2588 set thread context of 2636 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3064 set thread context of 648 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1368 set thread context of 2828 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2848 set thread context of 1512 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3056 set thread context of 3040 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1996 set thread context of 900 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1640 set thread context of 540 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2188 set thread context of 1068 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1720 set thread context of 1956 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1148 set thread context of 608 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2448 set thread context of 2068 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2328 set thread context of 1540 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2552 set thread context of 1268 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2052 set thread context of 2180 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 884 set thread context of 2096 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1556 set thread context of 1728 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2372 set thread context of 2560 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2780 set thread context of 2748 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2600 set thread context of 2996 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2872 set thread context of 2896 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2376 set thread context of 3068 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2240 set thread context of 2268 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1948 set thread context of 2768 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2920 set thread context of 1744 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1916 set thread context of 1952 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2280 set thread context of 1428 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1500 set thread context of 1944 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3000 set thread context of 1076 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1712 set thread context of 1960 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1612 set thread context of 792 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1872 set thread context of 660 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2448 set thread context of 1120 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2100 set thread context of 1608 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2952 set thread context of 2672 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1592 set thread context of 1756 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1684 set thread context of 1728 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2128 set thread context of 2032 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2260 set thread context of 2716 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2996 set thread context of 2956 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2216 set thread context of 2644 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2304 set thread context of 1572 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 836 set thread context of 2012 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2532 set thread context of 2768 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1708 set thread context of 2840 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1072 set thread context of 1456 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2316 set thread context of 984 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3008 set thread context of 2572 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1352 set thread context of 1184 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 372 set thread context of 1532 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2408 set thread context of 1752 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2000 set thread context of 756 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1852 set thread context of 832 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2448 set thread context of 2504 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1748 set thread context of 1912 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 872 set thread context of 1680 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2696 set thread context of 1684 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2540 set thread context of 2128 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2752 set thread context of 2772 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2392 set thread context of 2960 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2800 set thread context of 2712 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 2032 wrote to memory of 2372 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2032 wrote to memory of 2384 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2032 wrote to memory of 2540 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2540 wrote to memory of 1964 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2540 wrote to memory of 2860 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2860 wrote to memory of 2720 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2860 wrote to memory of 2880 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2880 wrote to memory of 2216 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2880 wrote to memory of 2756 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2880 wrote to memory of 2588 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2588 wrote to memory of 2636 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2588 wrote to memory of 3064 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3064 wrote to memory of 648 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

Network

N/A

Files

Analysis: behavioral2

Detonation Overview

Submitted

2024-11-21 19:51

Reported

2024-11-21 19:54

Platform

win10v2004-20241007-en

Max time kernel

92s

Max time network

141s

Command Line

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

Signatures

Contains code to disable Windows Defender

Description Indicator Process Target
N/A N/A N/A N/A

Formbook

trojan spyware stealer formbook

Formbook family

formbook

Xloader

loader xloader

Xloader family

xloader

Xloader payload

rat

Description Indicator Process Target
N/A N/A N/A N/A

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4996 set thread context of 4360 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3732 set thread context of 1200 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 8 set thread context of 3468 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1112 set thread context of 3172 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 736 set thread context of 1108 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1140 set thread context of 1096 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3880 set thread context of 4708 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3244 set thread context of 1348 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 5056 set thread context of 1744 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2708 set thread context of 4480 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3936 set thread context of 2856 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 4336 set thread context of 1040 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1372 set thread context of 4132 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2716 set thread context of 2564 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3500 set thread context of 3636 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3928 set thread context of 1984 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 4108 set thread context of 1036 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2804 set thread context of 1120 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2328 set thread context of 5084 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 2304 set thread context of 3972 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 5000 set thread context of 4156 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3844 set thread context of 4732 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 4996 wrote to memory of 4360 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 4996 wrote to memory of 3732 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3732 wrote to memory of 1200 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3732 wrote to memory of 8 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 8 wrote to memory of 3468 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 8 wrote to memory of 1112 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1112 wrote to memory of 3172 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1112 wrote to memory of 736 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 736 wrote to memory of 1108 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 736 wrote to memory of 1140 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1140 wrote to memory of 1096 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 1140 wrote to memory of 3880 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3880 wrote to memory of 4708 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3880 wrote to memory of 3244 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe
PID 3244 wrote to memory of 3288 N/A C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

Processes

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe"

C:\Users\Admin\AppData\Local\Temp\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe

"{path}"

Network

Country Destination Domain Proto

Files

C:\Users\Admin\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\6672b26a03db7ec5d61e90ce7827c422cb6a8a942cc1c77f92f97e263a35d8e5.exe.log

MD5 9c4b66f77f12558c48b620ddfb44029d
SHA1 446651db643b943ec37b9b3599655e211a4bc73e
SHA256 42f723d18283fda6a0904046cc29ee8d10e562d20c7615259a46ae9c0e4c9708
SHA512 983aed0ec15a79b716ac6dc080146e4ed098c117c31167053fb5971649dc621d1db5292fdd76f3010f094b75d57ea0bdb35bc829c6ba37e4d276b266361dee8e