acc6dd5f4c35d9166a134ec1e315704bb282255478bca1935e5ea742aabf4508

Analysis

max time kernel
149s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HGFDSHJKK.exe
Size

1.1MB
MD5

888fc4cef29708df87d574e6e6450c85
SHA1

126dfc3c1e06c18471d6da731654dbdd4b93b383
SHA256

93947bb660def86c408b4ee049fb521e1ba3dd965000b9046bf04a5aa751d9fc
SHA512

8183cb49f0f594e1d4bc46500ab3439a0b2bbadeb5fe21cc3e584bdead0371fba0fd1d17a09c18b5721c50eb8179dc896ad32faa35ec071c9302f715a5ac9bc2
SSDEEP

24576:+qDEvCTbMWu7rQYlBQcBiT6rprG8a7aZPyneDYA3Qnb:+TvC/MTQYxsWR7a7+qeDR0

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs	name.exe

Executes dropped EXE 64 IoCs

pid	Process
224	name.exe
4740	name.exe
856	name.exe
5076	name.exe
5116	name.exe
4756	name.exe
1560	name.exe
3200	name.exe
1076	name.exe
3404	name.exe
3004	name.exe
3812	name.exe
2984	name.exe
464	name.exe
1108	name.exe
1848	name.exe
652	name.exe
5100	name.exe
1732	name.exe
3792	name.exe
1780	name.exe
5000	name.exe
4180	name.exe
4376	name.exe
320	name.exe
1016	name.exe
4148	name.exe
228	name.exe
4764	name.exe
4576	name.exe
2428	name.exe
1820	name.exe
4364	name.exe
2052	name.exe
4608	name.exe
4660	name.exe
4708	name.exe
1932	name.exe
376	name.exe
2124	name.exe
2288	name.exe
1052	name.exe
2388	name.exe
4992	name.exe
4716	name.exe
1864	name.exe
4832	name.exe
4480	name.exe
436	name.exe
4592	name.exe
2392	name.exe
4664	name.exe
3148	name.exe
1540	name.exe
3420	name.exe
3036	name.exe
3860	name.exe
4560	name.exe
4836	name.exe
2892	name.exe
3848	name.exe
3960	name.exe
548	name.exe
796	name.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral2/files/0x0002000000022b23-14.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3668	HGFDSHJKK.exe
3668	HGFDSHJKK.exe
3668	HGFDSHJKK.exe
224	name.exe
224	name.exe
4740	name.exe
4740	name.exe
856	name.exe
856	name.exe
5076	name.exe
5076	name.exe
5116	name.exe
5116	name.exe
4756	name.exe
4756	name.exe
1560	name.exe
1560	name.exe
3200	name.exe
3200	name.exe
1076	name.exe
1076	name.exe
3404	name.exe
3404	name.exe
3004	name.exe
3004	name.exe
3812	name.exe
3812	name.exe
2984	name.exe
2984	name.exe
464	name.exe
464	name.exe
1108	name.exe
1108	name.exe
1848	name.exe
1848	name.exe
652	name.exe
652	name.exe
5100	name.exe
5100	name.exe
1732	name.exe
1732	name.exe
3792	name.exe
3792	name.exe
1780	name.exe
1780	name.exe
5000	name.exe
5000	name.exe
4180	name.exe
4180	name.exe
4376	name.exe
4376	name.exe
320	name.exe
320	name.exe
1016	name.exe
1016	name.exe
4148	name.exe
4148	name.exe
228	name.exe
228	name.exe
4764	name.exe
4764	name.exe
4576	name.exe
4576	name.exe
2428	name.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3668	HGFDSHJKK.exe
3668	HGFDSHJKK.exe
3668	HGFDSHJKK.exe
224	name.exe
224	name.exe
4740	name.exe
4740	name.exe
856	name.exe
856	name.exe
5076	name.exe
5076	name.exe
5116	name.exe
5116	name.exe
4756	name.exe
4756	name.exe
1560	name.exe
1560	name.exe
3200	name.exe
3200	name.exe
1076	name.exe
1076	name.exe
3404	name.exe
3404	name.exe
3004	name.exe
3004	name.exe
3812	name.exe
3812	name.exe
2984	name.exe
2984	name.exe
464	name.exe
464	name.exe
1108	name.exe
1108	name.exe
1848	name.exe
1848	name.exe
652	name.exe
652	name.exe
5100	name.exe
5100	name.exe
1732	name.exe
1732	name.exe
3792	name.exe
3792	name.exe
1780	name.exe
1780	name.exe
5000	name.exe
5000	name.exe
4180	name.exe
4180	name.exe
4376	name.exe
4376	name.exe
320	name.exe
320	name.exe
1016	name.exe
1016	name.exe
4148	name.exe
4148	name.exe
228	name.exe
228	name.exe
4764	name.exe
4764	name.exe
4576	name.exe
4576	name.exe
2428	name.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 224	3668	HGFDSHJKK.exe	87
PID 3668 wrote to memory of 224	3668	HGFDSHJKK.exe	87
PID 3668 wrote to memory of 224	3668	HGFDSHJKK.exe	87
PID 224 wrote to memory of 4740	224	name.exe	90
PID 224 wrote to memory of 4740	224	name.exe	90
PID 224 wrote to memory of 4740	224	name.exe	90
PID 4740 wrote to memory of 856	4740	name.exe	93
PID 4740 wrote to memory of 856	4740	name.exe	93
PID 4740 wrote to memory of 856	4740	name.exe	93
PID 856 wrote to memory of 5076	856	name.exe	94
PID 856 wrote to memory of 5076	856	name.exe	94
PID 856 wrote to memory of 5076	856	name.exe	94
PID 5076 wrote to memory of 5116	5076	name.exe	95
PID 5076 wrote to memory of 5116	5076	name.exe	95
PID 5076 wrote to memory of 5116	5076	name.exe	95
PID 5116 wrote to memory of 4756	5116	name.exe	97
PID 5116 wrote to memory of 4756	5116	name.exe	97
PID 5116 wrote to memory of 4756	5116	name.exe	97
PID 4756 wrote to memory of 1560	4756	name.exe	98
PID 4756 wrote to memory of 1560	4756	name.exe	98
PID 4756 wrote to memory of 1560	4756	name.exe	98
PID 1560 wrote to memory of 3200	1560	name.exe	101
PID 1560 wrote to memory of 3200	1560	name.exe	101
PID 1560 wrote to memory of 3200	1560	name.exe	101
PID 3200 wrote to memory of 1076	3200	name.exe	102
PID 3200 wrote to memory of 1076	3200	name.exe	102
PID 3200 wrote to memory of 1076	3200	name.exe	102
PID 1076 wrote to memory of 3404	1076	name.exe	103
PID 1076 wrote to memory of 3404	1076	name.exe	103
PID 1076 wrote to memory of 3404	1076	name.exe	103
PID 3404 wrote to memory of 3004	3404	name.exe	104
PID 3404 wrote to memory of 3004	3404	name.exe	104
PID 3404 wrote to memory of 3004	3404	name.exe	104
PID 3004 wrote to memory of 3812	3004	name.exe	105
PID 3004 wrote to memory of 3812	3004	name.exe	105
PID 3004 wrote to memory of 3812	3004	name.exe	105
PID 3812 wrote to memory of 2984	3812	name.exe	106
PID 3812 wrote to memory of 2984	3812	name.exe	106
PID 3812 wrote to memory of 2984	3812	name.exe	106
PID 2984 wrote to memory of 464	2984	name.exe	107
PID 2984 wrote to memory of 464	2984	name.exe	107
PID 2984 wrote to memory of 464	2984	name.exe	107
PID 464 wrote to memory of 1108	464	name.exe	108
PID 464 wrote to memory of 1108	464	name.exe	108
PID 464 wrote to memory of 1108	464	name.exe	108
PID 1108 wrote to memory of 1848	1108	name.exe	109
PID 1108 wrote to memory of 1848	1108	name.exe	109
PID 1108 wrote to memory of 1848	1108	name.exe	109
PID 1848 wrote to memory of 652	1848	name.exe	110
PID 1848 wrote to memory of 652	1848	name.exe	110
PID 1848 wrote to memory of 652	1848	name.exe	110
PID 652 wrote to memory of 5100	652	name.exe	111
PID 652 wrote to memory of 5100	652	name.exe	111
PID 652 wrote to memory of 5100	652	name.exe	111
PID 5100 wrote to memory of 1732	5100	name.exe	112
PID 5100 wrote to memory of 1732	5100	name.exe	112
PID 5100 wrote to memory of 1732	5100	name.exe	112
PID 1732 wrote to memory of 3792	1732	name.exe	113
PID 1732 wrote to memory of 3792	1732	name.exe	113
PID 1732 wrote to memory of 3792	1732	name.exe	113
PID 3792 wrote to memory of 1780	3792	name.exe	114
PID 3792 wrote to memory of 1780	3792	name.exe	114
PID 3792 wrote to memory of 1780	3792	name.exe	114
PID 1780 wrote to memory of 5000	1780	name.exe	115

C:\Users\Admin\AppData\Local\Temp\HGFDSHJKK.exe
"C:\Users\Admin\AppData\Local\Temp\HGFDSHJKK.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Users\Admin\AppData\Local\directory\name.exe
  "C:\Users\Admin\AppData\Local\Temp\HGFDSHJKK.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:224
- - C:\Users\Admin\AppData\Local\directory\name.exe
    "C:\Users\Admin\AppData\Local\directory\name.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4740
  - - C:\Users\Admin\AppData\Local\directory\name.exe
      "C:\Users\Admin\AppData\Local\directory\name.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:856
    - - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:5076
      - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:5116
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:4756
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        13⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3812
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:464
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1108
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:652
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:5100
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3792
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:5000
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4180
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4376
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:320
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1016
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4148
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:228
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        30⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4764
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:4576
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2428
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        33⤵
        Executes dropped EXE
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        34⤵
        Executes dropped EXE
        
        PID:4364
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        35⤵
        Executes dropped EXE
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        36⤵
        Executes dropped EXE
        
        PID:4608
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        37⤵
        Executes dropped EXE
        
        PID:4660
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4708
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        39⤵
        Executes dropped EXE
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        40⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:376
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2124
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        42⤵
        Executes dropped EXE
        
        PID:2288
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        43⤵
        Executes dropped EXE
        
        PID:1052
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2388
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        45⤵
        Executes dropped EXE
        
        PID:4992
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        46⤵
        Executes dropped EXE
        
        PID:4716
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        47⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        48⤵
        Executes dropped EXE
        
        PID:4832
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        49⤵
        Executes dropped EXE
        
        PID:4480
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        50⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:436
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        51⤵
        Executes dropped EXE
        
        PID:4592
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        52⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4664
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        54⤵
        Executes dropped EXE
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        55⤵
        Executes dropped EXE
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        56⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3420
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3860
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        59⤵
        Executes dropped EXE
        
        PID:4560
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        60⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4836
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        61⤵
        Executes dropped EXE
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        62⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3848
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        63⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3960
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        64⤵
        Executes dropped EXE
        
        PID:548
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        65⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:796
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        66⤵
        
        PID:5024
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        67⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        68⤵
        
        PID:1200
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        69⤵
        
        PID:2272
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        70⤵
        
        PID:452
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:4964
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        72⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        73⤵
        
        PID:212
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        75⤵
        
        PID:4340
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:5036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:428
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        79⤵
        
        PID:4712
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        80⤵
        
        PID:4844
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        81⤵
        
        PID:4804
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        82⤵
        
        PID:3528
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        83⤵
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        84⤵
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:3496
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:2268
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        87⤵
        
        PID:3824
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        88⤵
        
        PID:2540
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2524
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        90⤵
        
        PID:4724
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        91⤵
        
        PID:3516
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        92⤵
        System Location Discovery: System Language Discovery
        
        PID:3944
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        94⤵
        
        PID:2244
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:4460
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        96⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        97⤵
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        98⤵
        System Location Discovery: System Language Discovery
        
        PID:4512
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        99⤵
        
        PID:4388
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        100⤵
        
        PID:4404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:3304
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        103⤵
        
        PID:2204
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:5088
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        105⤵
        
        PID:5108
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        106⤵
        
        PID:4872
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        107⤵
        System Location Discovery: System Language Discovery
        
        PID:4972
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        108⤵
        
        PID:4304
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:3952
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        110⤵
        
        PID:400
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:432
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:4500
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        118⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1352
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:4688
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        121⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        122⤵
        System Location Discovery: System Language Discovery
        
        PID:2780
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:1004
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        124⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        125⤵
        System Location Discovery: System Language Discovery
        
        PID:220
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        127⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        128⤵
        
        PID:3136
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        129⤵
        System Location Discovery: System Language Discovery
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        130⤵
        
        PID:4696
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        131⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:3624
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        133⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        134⤵
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        135⤵
        
        PID:3568
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:3692
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        139⤵
        System Location Discovery: System Language Discovery
        
        PID:3964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autC3CD.tmp

Filesize
177KB

MD5
39029e80d23c6904e4af0998957f43e9

SHA1
122fe441f7eb27b2a587fffe91b784bf5ff4a558

SHA256
72606c845e565cb661b0a3230ebbb009557de9db9b2127c0011252b27a85c831

SHA512
0b0f6ab1c922c5cba2b5ab12c9119889259f213c68a503f0aeb720341ad774d12d82b1a4183c5e9bd170fac194276095782aa75ed26858bd2b554dd841021389

Download Submit
C:\Users\Admin\AppData\Local\Temp\autC3DD.tmp

Filesize
42KB

MD5
e160eae3822d7fdf1cf1e984f86695d8

SHA1
cf7f2350d53199558e5f31ee7bfb641a945650c4

SHA256
42de09015009d36f3b65a5faeda944c8a9a99dd3c94a0a042112ebe3c60469d2

SHA512
3c0d0147cd0db29b7447bd7610adfecd58223740dc678ff7210e75edfb0f2348ba098bbe76c64f997e00c5f23c7dab4c950a954bfd5b7e0d83da12977da09353

Download Submit
C:\Users\Admin\AppData\Local\Temp\endochylous

Filesize
84KB

MD5
b021fd0dc066eec9374396ec58bbda45

SHA1
1fb9d5e7916e983b8ce126879e41437a8cce1fe5

SHA256
fa69afcb55d81445303409a898662fd1d1027835dfe19801d0aa4c917f94ff12

SHA512
7f9dce15bfd30ade98f23a331feb2142744c787e762581ee269f3e9d4d489bf067cd41bf8094858cefc7688f91e25b15b6ef3dc2b2c832e538fc67c86e4ed4ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\totten

Filesize
185KB

MD5
c6dc304f3c8c50892a735b31d2f95ca1

SHA1
31a65fc1e8c6ebc094d7cf2a39dc5a01177aff35

SHA256
12098c9f2a8c56818f2df5e61363ba540552a544b6ce187958a62469de8f4d81

SHA512
bda4f12acc49e184606a72f8ca5180026406d28391eb16a1e3032ffcafa6e0727bd5c4e6b3610766efa2a7f1fa94c7ef3754ad9b36658e3fa5ec4db9c45b2b0c

Download Submit
C:\Users\Admin\AppData\Local\directory\name.exe

Filesize
1.1MB

MD5
888fc4cef29708df87d574e6e6450c85

SHA1
126dfc3c1e06c18471d6da731654dbdd4b93b383

SHA256
93947bb660def86c408b4ee049fb521e1ba3dd965000b9046bf04a5aa751d9fc

SHA512
8183cb49f0f594e1d4bc46500ab3439a0b2bbadeb5fe21cc3e584bdead0371fba0fd1d17a09c18b5721c50eb8179dc896ad32faa35ec071c9302f715a5ac9bc2

Download Submit
memory/3668-11-0x0000000003E90000-0x0000000003E94000-memory.dmp

Filesize
16KB

Download