e3a690718615cf8bf5414c097942ecf76b2d294801381848c140ab909b0aed63

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
21/08/2024, 09:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

quotation.exe
Size

1.3MB
MD5

347e851f26cedb5a5ab9eebb2064a32b
SHA1

ed45d95c46b594eaa6c752b492bdadabe65e35f0
SHA256

3ee5a0f95d5d8da1deb9757d957b519367b4850f1716a6bf1fb1129e385a007f
SHA512

fc41e6ea9c2f1002d89f82faeb3901b130087aa8528004f1b2545c8ba620309cb84a63b20fbf08ee133e6a3386f2d8dc24b65b576f29be887a6309efcef63f8d
SSDEEP

24576:mqDEvCTbMWu7rQYlBQcBiT6rprG8amDw9qlGZg3LMf3gPCTGE7F2F/xke:mTvC/MTQYxsWR7amDv8FtKk

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.vbs	chrome.exe

Executes dropped EXE 64 IoCs

pid	Process
2596	chrome.exe
2600	chrome.exe
2712	chrome.exe
2608	chrome.exe
2348	chrome.exe
2536	chrome.exe
2324	chrome.exe
1164	chrome.exe
2312	chrome.exe
1924	chrome.exe
1632	chrome.exe
832	chrome.exe
664	chrome.exe
344	chrome.exe
824	chrome.exe
1508	chrome.exe
1648	chrome.exe
1528	chrome.exe
2000	chrome.exe
1604	chrome.exe
2896	chrome.exe
2260	chrome.exe
1684	chrome.exe
2700	chrome.exe
2544	chrome.exe
2796	chrome.exe
2448	chrome.exe
2900	chrome.exe
1800	chrome.exe
2424	chrome.exe
2524	chrome.exe
1960	chrome.exe
1464	chrome.exe
2148	chrome.exe
1828	chrome.exe
1900	chrome.exe
2052	chrome.exe
1048	chrome.exe
1060	chrome.exe
892	chrome.exe
3024	chrome.exe
1564	chrome.exe
3016	chrome.exe
2880	chrome.exe
2928	chrome.exe
968	chrome.exe
1716	chrome.exe
1576	chrome.exe
2692	chrome.exe
2724	chrome.exe
2604	chrome.exe
2488	chrome.exe
552	chrome.exe
2504	chrome.exe
2532	chrome.exe
2760	chrome.exe
2144	chrome.exe
2328	chrome.exe
2416	chrome.exe
3048	chrome.exe
1076	chrome.exe
1364	chrome.exe
1420	chrome.exe
1384	chrome.exe

Loads dropped DLL 1 IoCs

pid	Process
2972	quotation.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000016859-60.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2972	quotation.exe
2972	quotation.exe
2596	chrome.exe
2596	chrome.exe
2600	chrome.exe
2600	chrome.exe
2712	chrome.exe
2712	chrome.exe
2608	chrome.exe
2608	chrome.exe
2348	chrome.exe
2348	chrome.exe
2536	chrome.exe
2536	chrome.exe
2324	chrome.exe
2324	chrome.exe
1164	chrome.exe
1164	chrome.exe
2312	chrome.exe
2312	chrome.exe
1924	chrome.exe
1924	chrome.exe
1632	chrome.exe
1632	chrome.exe
832	chrome.exe
832	chrome.exe
664	chrome.exe
664	chrome.exe
344	chrome.exe
344	chrome.exe
824	chrome.exe
824	chrome.exe
1508	chrome.exe
1508	chrome.exe
1648	chrome.exe
1648	chrome.exe
1528	chrome.exe
1528	chrome.exe
2000	chrome.exe
2000	chrome.exe
1604	chrome.exe
1604	chrome.exe
2896	chrome.exe
2896	chrome.exe
2260	chrome.exe
2260	chrome.exe
1684	chrome.exe
1684	chrome.exe
2700	chrome.exe
2700	chrome.exe
2544	chrome.exe
2544	chrome.exe
2796	chrome.exe
2796	chrome.exe
2448	chrome.exe
2448	chrome.exe
2900	chrome.exe
2900	chrome.exe
1800	chrome.exe
1800	chrome.exe
2424	chrome.exe
2424	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2972	quotation.exe
2972	quotation.exe
2596	chrome.exe
2596	chrome.exe
2600	chrome.exe
2600	chrome.exe
2712	chrome.exe
2712	chrome.exe
2608	chrome.exe
2608	chrome.exe
2348	chrome.exe
2348	chrome.exe
2536	chrome.exe
2536	chrome.exe
2324	chrome.exe
2324	chrome.exe
1164	chrome.exe
1164	chrome.exe
2312	chrome.exe
2312	chrome.exe
1924	chrome.exe
1924	chrome.exe
1632	chrome.exe
1632	chrome.exe
832	chrome.exe
832	chrome.exe
664	chrome.exe
664	chrome.exe
344	chrome.exe
344	chrome.exe
824	chrome.exe
824	chrome.exe
1508	chrome.exe
1508	chrome.exe
1648	chrome.exe
1648	chrome.exe
1528	chrome.exe
1528	chrome.exe
2000	chrome.exe
2000	chrome.exe
1604	chrome.exe
1604	chrome.exe
2896	chrome.exe
2896	chrome.exe
2260	chrome.exe
2260	chrome.exe
1684	chrome.exe
1684	chrome.exe
2700	chrome.exe
2700	chrome.exe
2544	chrome.exe
2544	chrome.exe
2796	chrome.exe
2796	chrome.exe
2448	chrome.exe
2448	chrome.exe
2900	chrome.exe
2900	chrome.exe
1800	chrome.exe
1800	chrome.exe
2424	chrome.exe
2424	chrome.exe
2524	chrome.exe
2524	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2972 wrote to memory of 2596	2972	quotation.exe	29
PID 2972 wrote to memory of 2596	2972	quotation.exe	29
PID 2972 wrote to memory of 2596	2972	quotation.exe	29
PID 2972 wrote to memory of 2596	2972	quotation.exe	29
PID 2596 wrote to memory of 2600	2596	chrome.exe	30
PID 2596 wrote to memory of 2600	2596	chrome.exe	30
PID 2596 wrote to memory of 2600	2596	chrome.exe	30
PID 2596 wrote to memory of 2600	2596	chrome.exe	30
PID 2600 wrote to memory of 2712	2600	chrome.exe	31
PID 2600 wrote to memory of 2712	2600	chrome.exe	31
PID 2600 wrote to memory of 2712	2600	chrome.exe	31
PID 2600 wrote to memory of 2712	2600	chrome.exe	31
PID 2712 wrote to memory of 2608	2712	chrome.exe	32
PID 2712 wrote to memory of 2608	2712	chrome.exe	32
PID 2712 wrote to memory of 2608	2712	chrome.exe	32
PID 2712 wrote to memory of 2608	2712	chrome.exe	32
PID 2608 wrote to memory of 2348	2608	chrome.exe	33
PID 2608 wrote to memory of 2348	2608	chrome.exe	33
PID 2608 wrote to memory of 2348	2608	chrome.exe	33
PID 2608 wrote to memory of 2348	2608	chrome.exe	33
PID 2348 wrote to memory of 2536	2348	chrome.exe	34
PID 2348 wrote to memory of 2536	2348	chrome.exe	34
PID 2348 wrote to memory of 2536	2348	chrome.exe	34
PID 2348 wrote to memory of 2536	2348	chrome.exe	34
PID 2536 wrote to memory of 2324	2536	chrome.exe	35
PID 2536 wrote to memory of 2324	2536	chrome.exe	35
PID 2536 wrote to memory of 2324	2536	chrome.exe	35
PID 2536 wrote to memory of 2324	2536	chrome.exe	35
PID 2324 wrote to memory of 1164	2324	chrome.exe	36
PID 2324 wrote to memory of 1164	2324	chrome.exe	36
PID 2324 wrote to memory of 1164	2324	chrome.exe	36
PID 2324 wrote to memory of 1164	2324	chrome.exe	36
PID 1164 wrote to memory of 2312	1164	chrome.exe	37
PID 1164 wrote to memory of 2312	1164	chrome.exe	37
PID 1164 wrote to memory of 2312	1164	chrome.exe	37
PID 1164 wrote to memory of 2312	1164	chrome.exe	37
PID 2312 wrote to memory of 1924	2312	chrome.exe	38
PID 2312 wrote to memory of 1924	2312	chrome.exe	38
PID 2312 wrote to memory of 1924	2312	chrome.exe	38
PID 2312 wrote to memory of 1924	2312	chrome.exe	38
PID 1924 wrote to memory of 1632	1924	chrome.exe	39
PID 1924 wrote to memory of 1632	1924	chrome.exe	39
PID 1924 wrote to memory of 1632	1924	chrome.exe	39
PID 1924 wrote to memory of 1632	1924	chrome.exe	39
PID 1632 wrote to memory of 832	1632	chrome.exe	40
PID 1632 wrote to memory of 832	1632	chrome.exe	40
PID 1632 wrote to memory of 832	1632	chrome.exe	40
PID 1632 wrote to memory of 832	1632	chrome.exe	40
PID 832 wrote to memory of 664	832	chrome.exe	41
PID 832 wrote to memory of 664	832	chrome.exe	41
PID 832 wrote to memory of 664	832	chrome.exe	41
PID 832 wrote to memory of 664	832	chrome.exe	41
PID 664 wrote to memory of 344	664	chrome.exe	42
PID 664 wrote to memory of 344	664	chrome.exe	42
PID 664 wrote to memory of 344	664	chrome.exe	42
PID 664 wrote to memory of 344	664	chrome.exe	42
PID 344 wrote to memory of 824	344	chrome.exe	43
PID 344 wrote to memory of 824	344	chrome.exe	43
PID 344 wrote to memory of 824	344	chrome.exe	43
PID 344 wrote to memory of 824	344	chrome.exe	43
PID 824 wrote to memory of 1508	824	chrome.exe	44
PID 824 wrote to memory of 1508	824	chrome.exe	44
PID 824 wrote to memory of 1508	824	chrome.exe	44
PID 824 wrote to memory of 1508	824	chrome.exe	44

C:\Users\Admin\AppData\Local\Temp\quotation.exe
"C:\Users\Admin\AppData\Local\Temp\quotation.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2972
- C:\Users\Admin\AppData\Local\directory\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\quotation.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2596
- - C:\Users\Admin\AppData\Local\directory\chrome.exe
    "C:\Users\Admin\AppData\Local\directory\chrome.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2600
  - - C:\Users\Admin\AppData\Local\directory\chrome.exe
      "C:\Users\Admin\AppData\Local\directory\chrome.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2712
    - - C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2608
      - C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2536
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1164
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1632
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:832
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:664
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:344
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:824
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1528
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2000
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        34⤵
        Executes dropped EXE
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        35⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        36⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        37⤵
        Executes dropped EXE
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        38⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        39⤵
        Executes dropped EXE
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        40⤵
        Executes dropped EXE
        
        PID:1060
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        41⤵
        Executes dropped EXE
        
        PID:892
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        42⤵
        Executes dropped EXE
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        43⤵
        Executes dropped EXE
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        45⤵
        Executes dropped EXE
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        46⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:968
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        48⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        49⤵
        Executes dropped EXE
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        51⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        52⤵
        Executes dropped EXE
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        54⤵
        Executes dropped EXE
        
        PID:552
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        55⤵
        Executes dropped EXE
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        56⤵
        Executes dropped EXE
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        57⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        58⤵
        Executes dropped EXE
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        59⤵
        Executes dropped EXE
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        60⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        61⤵
        Executes dropped EXE
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        63⤵
        Executes dropped EXE
        
        PID:1364
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        64⤵
        Executes dropped EXE
        
        PID:1420
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        65⤵
        Executes dropped EXE
        
        PID:1384
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        66⤵
        
        PID:732
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        68⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        69⤵
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        70⤵
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        71⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        72⤵
        System Location Discovery: System Language Discovery
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        73⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        75⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        77⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        78⤵
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        79⤵
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        81⤵
        
        PID:1320
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        82⤵
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        83⤵
        
        PID:348
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        84⤵
        
        PID:1520
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        85⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        86⤵
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        87⤵
        
        PID:2344
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        88⤵
        
        PID:568
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        90⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        91⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        92⤵
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        93⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        94⤵
        System Location Discovery: System Language Discovery
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        95⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        96⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        97⤵
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        98⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        100⤵
        System Location Discovery: System Language Discovery
        
        PID:984
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        101⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        102⤵
        
        PID:772
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        104⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        106⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        107⤵
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        108⤵
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        109⤵
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        110⤵
        
        PID:972
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        111⤵
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        112⤵
        
        PID:408
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        113⤵
        
        PID:1312
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        114⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        115⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:1172
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        117⤵
        
        PID:856
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        118⤵
        
        PID:980
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        119⤵
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        120⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        121⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        122⤵
        
        PID:748
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        123⤵
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:1916
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        125⤵
        
        PID:1612
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        127⤵
        
        PID:2956
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        128⤵
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        129⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        130⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        131⤵
        System Location Discovery: System Language Discovery
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        135⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        137⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        138⤵
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        139⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        144⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        145⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        146⤵
        System Location Discovery: System Language Discovery
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        147⤵
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        148⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        149⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:1088
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        151⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        152⤵
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        153⤵
        
        PID:2512
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        154⤵
        System Location Discovery: System Language Discovery
        
        PID:2468
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        155⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        157⤵
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        159⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        160⤵
        System Location Discovery: System Language Discovery
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        161⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        163⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        164⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        165⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        166⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        167⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        168⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        170⤵
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        171⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        172⤵
        System Location Discovery: System Language Discovery
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        173⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        174⤵
        
        PID:632
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        175⤵
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        176⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        177⤵
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        179⤵
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:308
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        181⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        182⤵
        System Location Discovery: System Language Discovery
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:1964
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        184⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        186⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        187⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        188⤵
        
        PID:2432
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        189⤵
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        190⤵
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        191⤵
        System Location Discovery: System Language Discovery
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        192⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        193⤵
        
        PID:2772
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        194⤵
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        195⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        196⤵
        
        PID:1728
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        197⤵
        System Location Discovery: System Language Discovery
        
        PID:1840
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        198⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        199⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        200⤵
        
        PID:2192
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        202⤵
        
        PID:2612
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        203⤵
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        204⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        205⤵
        System Location Discovery: System Language Discovery
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        206⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        207⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        208⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        210⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        211⤵
        
        PID:3440
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:3492
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        214⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        215⤵
        System Location Discovery: System Language Discovery
        
        PID:3656
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        216⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        217⤵
        
        PID:3764
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        218⤵
        
        PID:3820
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        219⤵
        
        PID:3872
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        220⤵
        
        PID:3928
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:3980
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        222⤵
        
        PID:4036
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        223⤵
        
        PID:4088
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        224⤵
        
        PID:3124

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aut120A.tmp

Filesize
399KB

MD5
d2d44686e0bc5bd11aa72ff1a2bad604

SHA1
6dcf2641b47d274c0103b649915cf1a322b8f35c

SHA256
f28a8e2f1415306e9785e8d2893c66748f2756665382e84bdc7001e39fdc34f5

SHA512
683e3e556d4ee646126d4412425236fccafb309219d7a21a8e9bdf3924152519074b037e0a01f26cb8477a2312b61bea12f67bfc3975a7a8d6431d4b9cfa9a2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut121B.tmp

Filesize
42KB

MD5
fd1dd846c22094358d1bd3e1d9a78e59

SHA1
9c3311b8c9d0312a6100bb6c366ae3b3ee5a6a23

SHA256
ac0bc26c85e2a4f7c65fdeb91690dd22a3454ce9ce7da165eb0b8d860c733b0a

SHA512
6fc71b2e992a35bbb69cfec413ef5e3693bb1420e02a8b16187fc083f753347d516813ce666c36985c1ca083f26a2462bb102bed2daf51094f1ce593156ceb81

Download Submit
C:\Users\Admin\AppData\Local\Temp\bankrupture

Filesize
483KB

MD5
37b9493a4bbd84adfdec40b1be5a1613

SHA1
543bd8b58ed60ee9bc9f6b41eeec28063703c2c8

SHA256
9c2a3ba8cf516812d6aebd5f2c723b3863613dce841a805cdf40423e9ea3e26d

SHA512
81aebaea8a1b0ea51491a2b4d8111820a0aa3281783383d646f0f924eb7d79b007f97a5145cfde172beca044141a4fe15fbab7a8d9456e62625ec656fb1bbbb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\renowner

Filesize
84KB

MD5
bbed02ae545f466bc86629f4026b46e7

SHA1
3f184cf1eb77083b850fd4281662dcd3f8fbf74b

SHA256
fec372f0a7083817332ab1545a1bcb850cebcd3c3f018c25b0ec69347fbb2c4a

SHA512
33175064effcf7c0c7623f38a0a7d4ee63e7f2c506eb2beac3a7e0485fa20bbee1d9903aaf677220dc6f7f3a9ad3b4949082abf1a0f078d01904a9e96b28d27e

Download Submit
C:\Users\Admin\AppData\Local\directory\chrome.exe

Filesize
1.3MB

MD5
347e851f26cedb5a5ab9eebb2064a32b

SHA1
ed45d95c46b594eaa6c752b492bdadabe65e35f0

SHA256
3ee5a0f95d5d8da1deb9757d957b519367b4850f1716a6bf1fb1129e385a007f

SHA512
fc41e6ea9c2f1002d89f82faeb3901b130087aa8528004f1b2545c8ba620309cb84a63b20fbf08ee133e6a3386f2d8dc24b65b576f29be887a6309efcef63f8d

Download Submit
memory/2972-11-0x0000000000120000-0x0000000000124000-memory.dmp

Filesize
16KB

Download