510da872b991223204159a3a2db2c354990961a1131090fde23d9fde8c18c245

Analysis

max time kernel
149s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
03-01-2025 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
Size

1.4MB
MD5

27b2117dd7b51a94fabfa5b69f8e24cd
SHA1

75ae30e656f11222f42e4343c18b8651b5e091f2
SHA256

510da872b991223204159a3a2db2c354990961a1131090fde23d9fde8c18c245
SHA512

542524baf4d912f962c40dd3e873052cad2f2dda34bc8e3eb5a7561487a07abc1f1da87db5f239d65f9f7fa50845fba16639d85f0e5cddca0d35edee0bbec258
SSDEEP

24576:hAHnh+eWsN3skA4RV1Hom2KXMmHa3syoNcW9e4Lzt8kZ31p5:4h+ZkldoPK8Ya3+9v8kZ39

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs	name.exe

Executes dropped EXE 64 IoCs

pid	Process
2996	name.exe
2788	name.exe
2576	name.exe
2808	name.exe
2556	name.exe
2592	name.exe
1548	name.exe
1256	name.exe
1344	name.exe
1524	name.exe
2912	name.exe
2400	name.exe
1080	name.exe
1632	name.exe
2884	name.exe
1312	name.exe
3004	name.exe
1036	name.exe
1540	name.exe
1580	name.exe
2104	name.exe
984	name.exe
300	name.exe
2124	name.exe
1652	name.exe
2744	name.exe
2548	name.exe
2792	name.exe
2780	name.exe
2716	name.exe
2572	name.exe
580	name.exe
852	name.exe
2064	name.exe
1624	name.exe
1920	name.exe
2760	name.exe
1864	name.exe
2416	name.exe
2236	name.exe
1692	name.exe
936	name.exe
1360	name.exe
1160	name.exe
3048	name.exe
1304	name.exe
1876	name.exe
756	name.exe
1020	name.exe
2444	name.exe
1604	name.exe
3036	name.exe
2648	name.exe
2724	name.exe
2596	name.exe
2928	name.exe
1216	name.exe
1372	name.exe
2364	name.exe
1484	name.exe
2000	name.exe
376	name.exe
2580	name.exe
1948	name.exe

Loads dropped DLL 2 IoCs

pid	Process
1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
2996	name.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000f00000001537c-12.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
2996	name.exe
2996	name.exe
2788	name.exe
2788	name.exe
2576	name.exe
2576	name.exe
2808	name.exe
2808	name.exe
2556	name.exe
2556	name.exe
2592	name.exe
2592	name.exe
1548	name.exe
1548	name.exe
1256	name.exe
1256	name.exe
1344	name.exe
1344	name.exe
1524	name.exe
1524	name.exe
2912	name.exe
2912	name.exe
2400	name.exe
2400	name.exe
1080	name.exe
1080	name.exe
1632	name.exe
1632	name.exe
2884	name.exe
2884	name.exe
1312	name.exe
1312	name.exe
3004	name.exe
3004	name.exe
1036	name.exe
1036	name.exe
1540	name.exe
1540	name.exe
1580	name.exe
1580	name.exe
2104	name.exe
2104	name.exe
984	name.exe
984	name.exe
300	name.exe
300	name.exe
2124	name.exe
2124	name.exe
1652	name.exe
1652	name.exe
2744	name.exe
2744	name.exe
2548	name.exe
2548	name.exe
2792	name.exe
2792	name.exe
2780	name.exe
2780	name.exe
2716	name.exe
2716	name.exe
2572	name.exe
2572	name.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
2996	name.exe
2996	name.exe
2788	name.exe
2788	name.exe
2576	name.exe
2576	name.exe
2808	name.exe
2808	name.exe
2556	name.exe
2556	name.exe
2592	name.exe
2592	name.exe
1548	name.exe
1548	name.exe
1256	name.exe
1256	name.exe
1344	name.exe
1344	name.exe
1524	name.exe
1524	name.exe
2912	name.exe
2912	name.exe
2400	name.exe
2400	name.exe
1080	name.exe
1080	name.exe
1632	name.exe
1632	name.exe
2884	name.exe
2884	name.exe
1312	name.exe
1312	name.exe
3004	name.exe
3004	name.exe
1036	name.exe
1036	name.exe
1540	name.exe
1540	name.exe
1580	name.exe
1580	name.exe
2104	name.exe
2104	name.exe
984	name.exe
984	name.exe
300	name.exe
300	name.exe
2124	name.exe
2124	name.exe
1652	name.exe
1652	name.exe
2744	name.exe
2744	name.exe
2548	name.exe
2548	name.exe
2792	name.exe
2792	name.exe
2780	name.exe
2780	name.exe
2716	name.exe
2716	name.exe
2572	name.exe
2572	name.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1576 wrote to memory of 2996	1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe	31
PID 1576 wrote to memory of 2996	1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe	31
PID 1576 wrote to memory of 2996	1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe	31
PID 1576 wrote to memory of 2996	1576	510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe	31
PID 2996 wrote to memory of 2788	2996	name.exe	32
PID 2996 wrote to memory of 2788	2996	name.exe	32
PID 2996 wrote to memory of 2788	2996	name.exe	32
PID 2996 wrote to memory of 2788	2996	name.exe	32
PID 2788 wrote to memory of 2576	2788	name.exe	33
PID 2788 wrote to memory of 2576	2788	name.exe	33
PID 2788 wrote to memory of 2576	2788	name.exe	33
PID 2788 wrote to memory of 2576	2788	name.exe	33
PID 2576 wrote to memory of 2808	2576	name.exe	34
PID 2576 wrote to memory of 2808	2576	name.exe	34
PID 2576 wrote to memory of 2808	2576	name.exe	34
PID 2576 wrote to memory of 2808	2576	name.exe	34
PID 2808 wrote to memory of 2556	2808	name.exe	35
PID 2808 wrote to memory of 2556	2808	name.exe	35
PID 2808 wrote to memory of 2556	2808	name.exe	35
PID 2808 wrote to memory of 2556	2808	name.exe	35
PID 2556 wrote to memory of 2592	2556	name.exe	36
PID 2556 wrote to memory of 2592	2556	name.exe	36
PID 2556 wrote to memory of 2592	2556	name.exe	36
PID 2556 wrote to memory of 2592	2556	name.exe	36
PID 2592 wrote to memory of 1548	2592	name.exe	37
PID 2592 wrote to memory of 1548	2592	name.exe	37
PID 2592 wrote to memory of 1548	2592	name.exe	37
PID 2592 wrote to memory of 1548	2592	name.exe	37
PID 1548 wrote to memory of 1256	1548	name.exe	38
PID 1548 wrote to memory of 1256	1548	name.exe	38
PID 1548 wrote to memory of 1256	1548	name.exe	38
PID 1548 wrote to memory of 1256	1548	name.exe	38
PID 1256 wrote to memory of 1344	1256	name.exe	39
PID 1256 wrote to memory of 1344	1256	name.exe	39
PID 1256 wrote to memory of 1344	1256	name.exe	39
PID 1256 wrote to memory of 1344	1256	name.exe	39
PID 1344 wrote to memory of 1524	1344	name.exe	40
PID 1344 wrote to memory of 1524	1344	name.exe	40
PID 1344 wrote to memory of 1524	1344	name.exe	40
PID 1344 wrote to memory of 1524	1344	name.exe	40
PID 1524 wrote to memory of 2912	1524	name.exe	41
PID 1524 wrote to memory of 2912	1524	name.exe	41
PID 1524 wrote to memory of 2912	1524	name.exe	41
PID 1524 wrote to memory of 2912	1524	name.exe	41
PID 2912 wrote to memory of 2400	2912	name.exe	42
PID 2912 wrote to memory of 2400	2912	name.exe	42
PID 2912 wrote to memory of 2400	2912	name.exe	42
PID 2912 wrote to memory of 2400	2912	name.exe	42
PID 2400 wrote to memory of 1080	2400	name.exe	43
PID 2400 wrote to memory of 1080	2400	name.exe	43
PID 2400 wrote to memory of 1080	2400	name.exe	43
PID 2400 wrote to memory of 1080	2400	name.exe	43
PID 1080 wrote to memory of 1632	1080	name.exe	44
PID 1080 wrote to memory of 1632	1080	name.exe	44
PID 1080 wrote to memory of 1632	1080	name.exe	44
PID 1080 wrote to memory of 1632	1080	name.exe	44
PID 1632 wrote to memory of 2884	1632	name.exe	45
PID 1632 wrote to memory of 2884	1632	name.exe	45
PID 1632 wrote to memory of 2884	1632	name.exe	45
PID 1632 wrote to memory of 2884	1632	name.exe	45
PID 2884 wrote to memory of 1312	2884	name.exe	46
PID 2884 wrote to memory of 1312	2884	name.exe	46
PID 2884 wrote to memory of 1312	2884	name.exe	46
PID 2884 wrote to memory of 1312	2884	name.exe	46

C:\Users\Admin\AppData\Local\Temp\510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe
"C:\Users\Admin\AppData\Local\Temp\510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1576
- C:\Users\Admin\AppData\Local\directory\name.exe
  "C:\Users\Admin\AppData\Local\Temp\510DA872B991223204159A3A2DB2C354990961A1131090FDE23D9FDE8C18C245.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2996
- - C:\Users\Admin\AppData\Local\directory\name.exe
    "C:\Users\Admin\AppData\Local\directory\name.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2788
  - - C:\Users\Admin\AppData\Local\directory\name.exe
      "C:\Users\Admin\AppData\Local\directory\name.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2576
    - - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2808
      - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2104
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:984
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:300
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        26⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:580
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        34⤵
        Executes dropped EXE
        
        PID:852
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        36⤵
        Executes dropped EXE
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        37⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        38⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        39⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        40⤵
        Executes dropped EXE
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        41⤵
        Executes dropped EXE
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        42⤵
        Executes dropped EXE
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        43⤵
        Executes dropped EXE
        
        PID:936
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        44⤵
        Executes dropped EXE
        
        PID:1360
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        45⤵
        Executes dropped EXE
        
        PID:1160
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        46⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        48⤵
        Executes dropped EXE
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:756
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1020
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        51⤵
        Executes dropped EXE
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        52⤵
        Executes dropped EXE
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        53⤵
        Executes dropped EXE
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        54⤵
        Executes dropped EXE
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        57⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        58⤵
        Executes dropped EXE
        
        PID:1216
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        59⤵
        Executes dropped EXE
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        60⤵
        Executes dropped EXE
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        61⤵
        Executes dropped EXE
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        63⤵
        Executes dropped EXE
        
        PID:376
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        64⤵
        Executes dropped EXE
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        65⤵
        Executes dropped EXE
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:448
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        67⤵
        
        PID:596
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        68⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        69⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        70⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        73⤵
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        74⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        76⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        78⤵
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        79⤵
        System Location Discovery: System Language Discovery
        
        PID:2336
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        80⤵
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        81⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        82⤵
        
        PID:1204
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        83⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        84⤵
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        85⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        86⤵
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        87⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        88⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        89⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        90⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        91⤵
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        93⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:2568
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        96⤵
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        97⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        98⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        100⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        101⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        102⤵
        
        PID:2208
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        104⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        106⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        107⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        108⤵
        System Location Discovery: System Language Discovery
        
        PID:2624
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        110⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        111⤵
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        113⤵
        
        PID:1696
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        114⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        115⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        116⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        117⤵
        
        PID:1368
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:684
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        119⤵
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        120⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        121⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        122⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        123⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        124⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:1824
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        126⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        128⤵
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        129⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        130⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        131⤵
        
        PID:740
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        132⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        133⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        134⤵
        
        PID:1152
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        135⤵
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        137⤵
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        138⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        139⤵
        
        PID:380
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        140⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        141⤵
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        142⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        143⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        144⤵
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        145⤵
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        146⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        147⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        150⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        151⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        152⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        153⤵
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        154⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        155⤵
        System Location Discovery: System Language Discovery
        
        PID:492
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        156⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        157⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        158⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        159⤵
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        160⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        161⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        162⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        163⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        164⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        165⤵
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        166⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        167⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        168⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        169⤵
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        171⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        172⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        173⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        174⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        175⤵
        
        PID:1424
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        176⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        177⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:912
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        179⤵
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:2684
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        181⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        182⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        183⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        185⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        186⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        187⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        189⤵
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        190⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        191⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        192⤵
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        194⤵
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        195⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        196⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:3104
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        198⤵
        
        PID:3152
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        199⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        200⤵
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        201⤵
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        202⤵
        System Location Discovery: System Language Discovery
        
        PID:3356
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        203⤵
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        204⤵
        
        PID:3456
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        205⤵
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        206⤵
        
        PID:3556
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        207⤵
        
        PID:3604
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:3704
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        210⤵
        
        PID:3752
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        211⤵
        
        PID:3804
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        213⤵
        
        PID:3904
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        214⤵
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        215⤵
        
        PID:4008
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        216⤵
        
        PID:4056
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        217⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        218⤵
        
        PID:3132
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        219⤵
        System Location Discovery: System Language Discovery
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        220⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        221⤵
        
        PID:3312
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        222⤵
        
        PID:3372
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:3428
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        225⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        226⤵
        System Location Discovery: System Language Discovery
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        227⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        228⤵
        
        PID:3732
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        229⤵
        
        PID:3784
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        230⤵
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        231⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        232⤵
        
        PID:3964
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        233⤵
        
        PID:4024
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        234⤵
        
        PID:4080
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        235⤵
        
        PID:3116
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        236⤵
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        237⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        238⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        239⤵
        
        PID:3352
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        240⤵
        
        PID:3480
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        241⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        242⤵
        System Location Discovery: System Language Discovery
        
        PID:3632
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        243⤵
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        244⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        245⤵
        System Location Discovery: System Language Discovery
        
        PID:3836
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        246⤵
        
        PID:3920
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        247⤵
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        248⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        249⤵
        
        PID:3084
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        250⤵
        
        PID:3168
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        251⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        252⤵
        
        PID:3336
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        253⤵
        System Location Discovery: System Language Discovery
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        254⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        255⤵
        System Location Discovery: System Language Discovery
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        256⤵
        
        PID:3668
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        257⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        258⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        259⤵
        
        PID:3940
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        260⤵
        
        PID:4016
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        261⤵
        
        PID:4092
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        262⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        263⤵
        
        PID:3280
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        264⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        265⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        266⤵
        
        PID:3540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autE89A.tmp

Filesize
414KB

MD5
914332b9bbda9f05ba02b1cc1a857a03

SHA1
c2e5dca6c62aa15427fc92066ef5f4948f6487c4

SHA256
05223be39a24bbabf5ad3fbaff565df1d37a38689de429ea8893bf7c79121087

SHA512
c0fffef0494285a35bcc1d01510605878095775eaa3ba58ff5c38b53c554d05b6b301b134a83b33b8d1f1ac4e3ad14e7f637aaecca8e8bacad80780afc71128f

Download Submit
C:\Users\Admin\AppData\Local\Temp\autE8BB.tmp

Filesize
9KB

MD5
7c40927bbb75742a1657a25f712afae3

SHA1
f3527f9c6351f4509e5c6093bf44ae39967b7da1

SHA256
241a4a312466edb1c2f1ddc38dd80390c4f4d681fc691cb084df928d7861b34e

SHA512
5844e2623c935c54349df5cef69dd4c5ca4eb93ac489f1f1b08cd8f4345f339c68c9e65c607252df5a6542e6a417137776f8056b774a5bf2865136b0c14702c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\juvenilely

Filesize
483KB

MD5
b00cdc73b7aaf7283f7858abf7cab1f1

SHA1
43ba26efdf019843b2461265f088b9465c3fd5a1

SHA256
39f7439b761835e406dcff3096e4bdb1393ce7aaf2011f4996a3155c6a9ca761

SHA512
af562e160af17d479db3811ea5874b0cff13c0000786dd38257b50f45bcd712898b76127af3b08fead1e9292806cfa997a30704a08444128a68ca342ea02cc1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\juvenilely

Filesize
128KB

MD5
3cd768cdb517a3ffdfd760c8fbb66742

SHA1
ef4c795a4bdd0443dd773f9f0b85599ec4197177

SHA256
5901dec83b55973abaa1ddb483bc5e51b6241abdffab678bc7c9ba3c850c0522

SHA512
a6164f87198c7ec42d92d89be953d298f2b928e63a109ac332a704787633ad2e10d3dd7ba76a3c5f39fb6eb905acea5b41f00d1e5e9dc6d2ea6ab8d3950b2908

Download Submit
C:\Users\Admin\AppData\Local\Temp\schoolma

Filesize
28KB

MD5
9a216d069231fd79533ec521d9abf0e8

SHA1
32eb60eceecc28e8aa843756bdd6d8dd64393be1

SHA256
5b21b502a369f554ef6bf2697602d148a9b45786f5aaa0eb51d74d1be789b0e1

SHA512
d7e6a1b691beb497570b6d1ae57e9de1d13583124b582484f60bbcfa4652ce18432bf823423434ff50aa04433f10c54b6be1d9572e4ed8a408d3e812f1a267db

Download Submit
\Users\Admin\AppData\Local\directory\name.exe

Filesize
1.4MB

MD5
27b2117dd7b51a94fabfa5b69f8e24cd

SHA1
75ae30e656f11222f42e4343c18b8651b5e091f2

SHA256
510da872b991223204159a3a2db2c354990961a1131090fde23d9fde8c18c245

SHA512
542524baf4d912f962c40dd3e873052cad2f2dda34bc8e3eb5a7561487a07abc1f1da87db5f239d65f9f7fa50845fba16639d85f0e5cddca0d35edee0bbec258

Download Submit
memory/1576-10-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download