406306efb272acd3c69ab3b1c1fadea2c41bf817ce71e5872b6ff426248207d5

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
30/08/2024, 13:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SALKI098765R400.exe
Size

1.0MB
MD5

2a2526a15732cd1f3f8859fe3f504cb9
SHA1

53f5eee1f770d79666d7421823f29ee21d8cba3e
SHA256

406306efb272acd3c69ab3b1c1fadea2c41bf817ce71e5872b6ff426248207d5
SHA512

029f573edc92908f027a46d035d0ce6b69f9ac2cd0b82dd1df75bb8ee43a02850e644217fc68d67b4a9633ed408534f7e46896afb7f337b71d9072b5140003d8
SSDEEP

24576:4iUmSB/o5d1ubcvqqJGyUyTlUJS0Xtw5amFnRn2cdB:4/mU/ohubcvqq8oUJS7agd

Score

7^/10

discovery upx

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monteverdi.vbs	Monteverdi.exe

Executes dropped EXE 64 IoCs

pid	Process
2184	Monteverdi.exe
2620	Monteverdi.exe
2548	Monteverdi.exe
2512	Monteverdi.exe
2804	Monteverdi.exe
1092	Monteverdi.exe
364	Monteverdi.exe
1072	Monteverdi.exe
1656	Monteverdi.exe
2096	Monteverdi.exe
1168	Monteverdi.exe
2216	Monteverdi.exe
832	Monteverdi.exe
1176	Monteverdi.exe
1580	Monteverdi.exe
3008	Monteverdi.exe
1944	Monteverdi.exe
2004	Monteverdi.exe
1512	Monteverdi.exe
2596	Monteverdi.exe
2724	Monteverdi.exe
2756	Monteverdi.exe
2688	Monteverdi.exe
2528	Monteverdi.exe
1324	Monteverdi.exe
1940	Monteverdi.exe
2492	Monteverdi.exe
3024	Monteverdi.exe
1076	Monteverdi.exe
2352	Monteverdi.exe
1372	Monteverdi.exe
2920	Monteverdi.exe
888	Monteverdi.exe
2848	Monteverdi.exe
1936	Monteverdi.exe
664	Monteverdi.exe
952	Monteverdi.exe
2240	Monteverdi.exe
1952	Monteverdi.exe
2896	Monteverdi.exe
1596	Monteverdi.exe
2144	Monteverdi.exe
2712	Monteverdi.exe
2676	Monteverdi.exe
2552	Monteverdi.exe
2576	Monteverdi.exe
1056	Monteverdi.exe
2764	Monteverdi.exe
1068	Monteverdi.exe
2832	Monteverdi.exe
1852	Monteverdi.exe
2152	Monteverdi.exe
2900	Monteverdi.exe
1872	Monteverdi.exe
2928	Monteverdi.exe
2248	Monteverdi.exe
1376	Monteverdi.exe
1968	Monteverdi.exe
612	Monteverdi.exe
1496	Monteverdi.exe
1636	Monteverdi.exe
1600	Monteverdi.exe
2720	Monteverdi.exe
2796	Monteverdi.exe

Loads dropped DLL 1 IoCs

pid	Process
2284	SALKI098765R400.exe

UPX packed file 64 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2284-0-0x0000000000A90000-0x0000000000CBF000-memory.dmp	upx
behavioral1/files/0x000a000000016d90-16.dat	upx
behavioral1/memory/2284-17-0x0000000000A90000-0x0000000000CBF000-memory.dmp	upx
behavioral1/memory/2184-18-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2620-35-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2184-36-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2620-51-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2548-52-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2512-68-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2548-67-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2804-84-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2512-83-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2804-99-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1092-114-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/364-115-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/364-129-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1072-130-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1072-145-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1656-146-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1656-161-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2096-162-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2096-177-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2216-193-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1168-192-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2216-208-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/832-209-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/832-224-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1580-240-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1176-239-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/3008-256-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1580-255-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/3008-271-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1944-272-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1944-286-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2004-301-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1512-302-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2596-318-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1512-316-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2596-333-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2724-334-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2724-346-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2688-359-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2756-358-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2528-372-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2688-371-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1324-385-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2528-384-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1324-396-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1940-408-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2492-409-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2492-421-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/3024-422-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2724-433-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/3024-435-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1076-436-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1076-448-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2352-460-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1372-461-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/1372-473-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2920-474-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/888-487-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2920-486-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/888-499-0x00000000012E0000-0x000000000150F000-memory.dmp	upx
behavioral1/memory/2848-511-0x00000000012E0000-0x000000000150F000-memory.dmp	upx

AutoIT Executable 64 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2284-17-0x0000000000A90000-0x0000000000CBF000-memory.dmp	autoit_exe
behavioral1/memory/2184-18-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2184-36-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2620-51-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2548-52-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2548-67-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2804-84-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2512-83-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2804-99-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1092-114-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/364-115-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/364-129-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1072-145-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1656-146-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1656-161-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2096-177-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1168-192-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2216-208-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/832-209-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/832-224-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1176-239-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1580-255-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/3008-271-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1944-286-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2004-301-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1512-302-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1512-316-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2596-333-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2724-334-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2724-346-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2688-359-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2756-358-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2688-371-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1324-385-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2528-384-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1324-396-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1940-408-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2492-409-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2492-421-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2724-433-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/3024-435-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1076-436-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1076-448-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2352-460-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1372-473-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2920-474-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2920-486-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/888-499-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2848-511-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1936-524-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/664-537-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/952-538-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/952-549-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2240-562-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1952-563-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1952-575-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2896-587-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1596-588-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/1596-600-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2144-613-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2712-614-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2712-626-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2676-638-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe
behavioral1/memory/2552-649-0x00000000012E0000-0x000000000150F000-memory.dmp	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Monteverdi.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2284	SALKI098765R400.exe
2284	SALKI098765R400.exe
2184	Monteverdi.exe
2184	Monteverdi.exe
2620	Monteverdi.exe
2620	Monteverdi.exe
2548	Monteverdi.exe
2548	Monteverdi.exe
2512	Monteverdi.exe
2512	Monteverdi.exe
2804	Monteverdi.exe
2804	Monteverdi.exe
1092	Monteverdi.exe
1092	Monteverdi.exe
364	Monteverdi.exe
364	Monteverdi.exe
1072	Monteverdi.exe
1072	Monteverdi.exe
1656	Monteverdi.exe
1656	Monteverdi.exe
2096	Monteverdi.exe
2096	Monteverdi.exe
1168	Monteverdi.exe
1168	Monteverdi.exe
2216	Monteverdi.exe
2216	Monteverdi.exe
832	Monteverdi.exe
832	Monteverdi.exe
1176	Monteverdi.exe
1176	Monteverdi.exe
1580	Monteverdi.exe
1580	Monteverdi.exe
3008	Monteverdi.exe
3008	Monteverdi.exe
1944	Monteverdi.exe
1944	Monteverdi.exe
2004	Monteverdi.exe
2004	Monteverdi.exe
1512	Monteverdi.exe
1512	Monteverdi.exe
2596	Monteverdi.exe
2596	Monteverdi.exe
2724	Monteverdi.exe
2724	Monteverdi.exe
2756	Monteverdi.exe
2756	Monteverdi.exe
2688	Monteverdi.exe
2688	Monteverdi.exe
2528	Monteverdi.exe
2528	Monteverdi.exe
1324	Monteverdi.exe
1324	Monteverdi.exe
1940	Monteverdi.exe
1940	Monteverdi.exe
2492	Monteverdi.exe
2492	Monteverdi.exe
3024	Monteverdi.exe
3024	Monteverdi.exe
1076	Monteverdi.exe
1076	Monteverdi.exe
2352	Monteverdi.exe
2352	Monteverdi.exe
1372	Monteverdi.exe
1372	Monteverdi.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2284	SALKI098765R400.exe
2284	SALKI098765R400.exe
2184	Monteverdi.exe
2184	Monteverdi.exe
2620	Monteverdi.exe
2620	Monteverdi.exe
2548	Monteverdi.exe
2548	Monteverdi.exe
2512	Monteverdi.exe
2512	Monteverdi.exe
2804	Monteverdi.exe
2804	Monteverdi.exe
1092	Monteverdi.exe
1092	Monteverdi.exe
364	Monteverdi.exe
364	Monteverdi.exe
1072	Monteverdi.exe
1072	Monteverdi.exe
1656	Monteverdi.exe
1656	Monteverdi.exe
2096	Monteverdi.exe
2096	Monteverdi.exe
1168	Monteverdi.exe
1168	Monteverdi.exe
2216	Monteverdi.exe
2216	Monteverdi.exe
832	Monteverdi.exe
832	Monteverdi.exe
1176	Monteverdi.exe
1176	Monteverdi.exe
1580	Monteverdi.exe
1580	Monteverdi.exe
3008	Monteverdi.exe
3008	Monteverdi.exe
1944	Monteverdi.exe
1944	Monteverdi.exe
2004	Monteverdi.exe
2004	Monteverdi.exe
1512	Monteverdi.exe
1512	Monteverdi.exe
2596	Monteverdi.exe
2596	Monteverdi.exe
2724	Monteverdi.exe
2724	Monteverdi.exe
2756	Monteverdi.exe
2756	Monteverdi.exe
2688	Monteverdi.exe
2688	Monteverdi.exe
2528	Monteverdi.exe
2528	Monteverdi.exe
1324	Monteverdi.exe
1324	Monteverdi.exe
1940	Monteverdi.exe
1940	Monteverdi.exe
2492	Monteverdi.exe
2492	Monteverdi.exe
3024	Monteverdi.exe
3024	Monteverdi.exe
1076	Monteverdi.exe
1076	Monteverdi.exe
2352	Monteverdi.exe
2352	Monteverdi.exe
1372	Monteverdi.exe
1372	Monteverdi.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 2184	2284	SALKI098765R400.exe	31
PID 2284 wrote to memory of 2184	2284	SALKI098765R400.exe	31
PID 2284 wrote to memory of 2184	2284	SALKI098765R400.exe	31
PID 2284 wrote to memory of 2184	2284	SALKI098765R400.exe	31
PID 2184 wrote to memory of 2620	2184	Monteverdi.exe	32
PID 2184 wrote to memory of 2620	2184	Monteverdi.exe	32
PID 2184 wrote to memory of 2620	2184	Monteverdi.exe	32
PID 2184 wrote to memory of 2620	2184	Monteverdi.exe	32
PID 2620 wrote to memory of 2548	2620	Monteverdi.exe	33
PID 2620 wrote to memory of 2548	2620	Monteverdi.exe	33
PID 2620 wrote to memory of 2548	2620	Monteverdi.exe	33
PID 2620 wrote to memory of 2548	2620	Monteverdi.exe	33
PID 2548 wrote to memory of 2512	2548	Monteverdi.exe	34
PID 2548 wrote to memory of 2512	2548	Monteverdi.exe	34
PID 2548 wrote to memory of 2512	2548	Monteverdi.exe	34
PID 2548 wrote to memory of 2512	2548	Monteverdi.exe	34
PID 2512 wrote to memory of 2804	2512	Monteverdi.exe	35
PID 2512 wrote to memory of 2804	2512	Monteverdi.exe	35
PID 2512 wrote to memory of 2804	2512	Monteverdi.exe	35
PID 2512 wrote to memory of 2804	2512	Monteverdi.exe	35
PID 2804 wrote to memory of 1092	2804	Monteverdi.exe	36
PID 2804 wrote to memory of 1092	2804	Monteverdi.exe	36
PID 2804 wrote to memory of 1092	2804	Monteverdi.exe	36
PID 2804 wrote to memory of 1092	2804	Monteverdi.exe	36
PID 1092 wrote to memory of 364	1092	Monteverdi.exe	37
PID 1092 wrote to memory of 364	1092	Monteverdi.exe	37
PID 1092 wrote to memory of 364	1092	Monteverdi.exe	37
PID 1092 wrote to memory of 364	1092	Monteverdi.exe	37
PID 364 wrote to memory of 1072	364	Monteverdi.exe	38
PID 364 wrote to memory of 1072	364	Monteverdi.exe	38
PID 364 wrote to memory of 1072	364	Monteverdi.exe	38
PID 364 wrote to memory of 1072	364	Monteverdi.exe	38
PID 1072 wrote to memory of 1656	1072	Monteverdi.exe	39
PID 1072 wrote to memory of 1656	1072	Monteverdi.exe	39
PID 1072 wrote to memory of 1656	1072	Monteverdi.exe	39
PID 1072 wrote to memory of 1656	1072	Monteverdi.exe	39
PID 1656 wrote to memory of 2096	1656	Monteverdi.exe	40
PID 1656 wrote to memory of 2096	1656	Monteverdi.exe	40
PID 1656 wrote to memory of 2096	1656	Monteverdi.exe	40
PID 1656 wrote to memory of 2096	1656	Monteverdi.exe	40
PID 2096 wrote to memory of 1168	2096	Monteverdi.exe	41
PID 2096 wrote to memory of 1168	2096	Monteverdi.exe	41
PID 2096 wrote to memory of 1168	2096	Monteverdi.exe	41
PID 2096 wrote to memory of 1168	2096	Monteverdi.exe	41
PID 1168 wrote to memory of 2216	1168	Monteverdi.exe	42
PID 1168 wrote to memory of 2216	1168	Monteverdi.exe	42
PID 1168 wrote to memory of 2216	1168	Monteverdi.exe	42
PID 1168 wrote to memory of 2216	1168	Monteverdi.exe	42
PID 2216 wrote to memory of 832	2216	Monteverdi.exe	43
PID 2216 wrote to memory of 832	2216	Monteverdi.exe	43
PID 2216 wrote to memory of 832	2216	Monteverdi.exe	43
PID 2216 wrote to memory of 832	2216	Monteverdi.exe	43
PID 832 wrote to memory of 1176	832	Monteverdi.exe	44
PID 832 wrote to memory of 1176	832	Monteverdi.exe	44
PID 832 wrote to memory of 1176	832	Monteverdi.exe	44
PID 832 wrote to memory of 1176	832	Monteverdi.exe	44
PID 1176 wrote to memory of 1580	1176	Monteverdi.exe	45
PID 1176 wrote to memory of 1580	1176	Monteverdi.exe	45
PID 1176 wrote to memory of 1580	1176	Monteverdi.exe	45
PID 1176 wrote to memory of 1580	1176	Monteverdi.exe	45
PID 1580 wrote to memory of 3008	1580	Monteverdi.exe	46
PID 1580 wrote to memory of 3008	1580	Monteverdi.exe	46
PID 1580 wrote to memory of 3008	1580	Monteverdi.exe	46
PID 1580 wrote to memory of 3008	1580	Monteverdi.exe	46

C:\Users\Admin\AppData\Local\Temp\SALKI098765R400.exe
"C:\Users\Admin\AppData\Local\Temp\SALKI098765R400.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
  "C:\Users\Admin\AppData\Local\Temp\SALKI098765R400.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2184
- - C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
    "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2620
  - - C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
      "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2548
    - - C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2512
      - C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2804
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:364
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1072
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1168
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:832
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1580
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1944
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        19⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        23⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1324
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1940
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        28⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2492
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        33⤵
        Executes dropped EXE
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        34⤵
        Executes dropped EXE
        
        PID:888
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        35⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        36⤵
        Executes dropped EXE
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        37⤵
        Executes dropped EXE
        
        PID:664
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:952
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        39⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        40⤵
        Executes dropped EXE
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        41⤵
        Executes dropped EXE
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        42⤵
        Executes dropped EXE
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        43⤵
        Executes dropped EXE
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        45⤵
        Executes dropped EXE
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        46⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        48⤵
        Executes dropped EXE
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        50⤵
        Executes dropped EXE
        
        PID:1068
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        53⤵
        Executes dropped EXE
        
        PID:2152
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        54⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        55⤵
        Executes dropped EXE
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        56⤵
        Executes dropped EXE
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        57⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        58⤵
        Executes dropped EXE
        
        PID:1376
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        60⤵
        Executes dropped EXE
        
        PID:612
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        62⤵
        Executes dropped EXE
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        63⤵
        Executes dropped EXE
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        65⤵
        Executes dropped EXE
        
        PID:2796
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        66⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        67⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        68⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        70⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        71⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        72⤵
        
        PID:1624
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        73⤵
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        75⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        76⤵
        
        PID:668
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        77⤵
        System Location Discovery: System Language Discovery
        
        PID:828
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        79⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        80⤵
        
        PID:1440
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        81⤵
        
        PID:1012
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        82⤵
        System Location Discovery: System Language Discovery
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        83⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        84⤵
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        85⤵
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        86⤵
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        87⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        88⤵
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        89⤵
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        90⤵
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        92⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:2416
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        94⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        95⤵
        
        PID:2328
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        96⤵
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        97⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        98⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:3004
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        100⤵
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        101⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        102⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:2628
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        104⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        105⤵
        
        PID:2028
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        106⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        107⤵
        
        PID:2412
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        108⤵
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        109⤵
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        110⤵
        
        PID:2872
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:428
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:1808
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        113⤵
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        114⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        116⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        117⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        118⤵
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        119⤵
        
        PID:824
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:680
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        121⤵
        System Location Discovery: System Language Discovery
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        122⤵
        
        PID:1788
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        123⤵
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:800
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        125⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        127⤵
        
        PID:948
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        128⤵
        
        PID:928
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        129⤵
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        130⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        131⤵
        System Location Discovery: System Language Discovery
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        132⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        133⤵
        
        PID:1232
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        134⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        135⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        136⤵
        System Location Discovery: System Language Discovery
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:916
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        138⤵
        System Location Discovery: System Language Discovery
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        139⤵
        
        PID:1732
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        140⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        141⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:568
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        144⤵
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        145⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        146⤵
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:608
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        148⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        149⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        150⤵
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        151⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        152⤵
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:2440
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        154⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        155⤵
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        156⤵
        
        PID:1620
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        157⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        158⤵
        System Location Discovery: System Language Discovery
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        159⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        160⤵
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        161⤵
        
        PID:756
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        163⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:2944
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        165⤵
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        166⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        167⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        169⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        170⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        171⤵
        
        PID:884
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        172⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        173⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        174⤵
        
        PID:588
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        175⤵
        System Location Discovery: System Language Discovery
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        176⤵
        
        PID:2948
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        177⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        178⤵
        System Location Discovery: System Language Discovery
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        179⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        180⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        181⤵
        System Location Discovery: System Language Discovery
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        182⤵
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        183⤵
        
        PID:544
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        184⤵
        
        PID:1460
        
        C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe
        
        "C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:3056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\autC9E.tmp

Filesize
397KB

MD5
a9818cdddd3427558a1b52f3a897f7d5

SHA1
8c4e0e6b5d38718775853897b5ade3dca8860bd7

SHA256
8edce98287539533d272d1b9624deff8ff5adaf11c1cc5cfe5256bf4422bb77a

SHA512
dbe1aa049950be7299549744bf035dc0731bb9626c2ee6ca02c3fccae864817affecda4189e1e9fef8be37d7486ded6da801cdeda6715f7a2694cb1c9ee3ed19

Download Submit
C:\Users\Admin\AppData\Local\Temp\autCCE.tmp

Filesize
10KB

MD5
5ab857851bb90f19cfc4a5bef68f6285

SHA1
da5ae7783350302148e567c21e1a25ff312f43f3

SHA256
d8d0dd78ace87908e973377fb0ce249ae7d84b653aa45fd2af1914516224564d

SHA512
ee007315b9a590a64598532d1e78088362eb9f441945e71006978879db03a6db2cbad08d1039793a27275548093bf3ae1adf8c1445a9d6ee7d7a31039ffdb31d

Download Submit
C:\Users\Admin\AppData\Local\Temp\jinrikisha

Filesize
56KB

MD5
1ac4c4807a3ae9f12dec195dbcca4ba3

SHA1
80151d033492e278faa55e5793d7e411ff13e4d9

SHA256
b326a2d99d2e080e45e522967715be5b72ff9be8467600078b659e80a6c56dd7

SHA512
bb94ed0e38af3dcbec24d674180be33b5691259af4a959cecc908c0260bcf6af1883c1159d13ff14bc18e79ba439613659721ffdc80b80f2034607e5aab7b40e

Download Submit
C:\Users\Admin\AppData\Local\Temp\jinrikisha

Filesize
56KB

MD5
ab1d29274213556fd265d9e44a8e2813

SHA1
902af8adb5d52a2871dc1e956162514d829be033

SHA256
9dbb2c43e92fb67336afded940c19e37de86ca86554341c9c8c94030f84f893d

SHA512
a4fe1e9adf1cd45e9843268899035b417009e3dfbb6b11bde32c04bf202a25dfdec670ed08a83dcece1a9efed590ec950dfe3a60f6395479f289e0adac207033

Download Submit
C:\Users\Admin\AppData\Local\Temp\pensum

Filesize
128KB

MD5
829a335611bd22f17ee67a2d08b29880

SHA1
d050828f9bd5cc1cf3eaa13f10453ff443849cc6

SHA256
ed06d5ead5e5fdc7f00ba6b69f0331f79f0b59294a7a78e440d37c8240c878fa

SHA512
f78d528c0009ff2511d9136a822566cf6f51f5aa1dc5801eb7c6c83565c9c0397af87b1cff1fd0b2c46448ef975ca0c426ccba7419eda95afae50cfb86950079

Download Submit
C:\Users\Admin\AppData\Local\Temp\pensum

Filesize
482KB

MD5
cf1214864ab14d2bf906b73636da3a0e

SHA1
ad71b3268d6f91395727d02ddd007e5b75cfbcc9

SHA256
5960b9ac19d8d6c016e018d72f6376e4ec87bdf440b126393bebe526b5e10dbc

SHA512
1502d6017b1523fda0526479a4481a966707bb3f8d8eb3b890079c5fd92f58d6554da59268940c2fdad0d2daeaae863e9e46549a3a1a2dcdf2184fccd7de4ba4

Download Submit
C:\Users\Admin\AppData\Local\scrolar\Monteverdi.exe

Filesize
1.0MB

MD5
2a2526a15732cd1f3f8859fe3f504cb9

SHA1
53f5eee1f770d79666d7421823f29ee21d8cba3e

SHA256
406306efb272acd3c69ab3b1c1fadea2c41bf817ce71e5872b6ff426248207d5

SHA512
029f573edc92908f027a46d035d0ce6b69f9ac2cd0b82dd1df75bb8ee43a02850e644217fc68d67b4a9633ed408534f7e46896afb7f337b71d9072b5140003d8

Download Submit
memory/364-115-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/364-129-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/612-803-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/664-525-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/664-537-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/832-209-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/832-224-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/888-487-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/888-499-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/952-549-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/952-538-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1056-671-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1068-693-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1072-130-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1072-145-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1076-436-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1076-448-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1092-114-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1168-192-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1176-239-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1324-385-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1324-396-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1372-473-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1372-461-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1376-781-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1496-814-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1512-302-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1512-316-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1580-240-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1580-255-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1596-588-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1596-600-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1600-836-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1636-825-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1656-161-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1656-146-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1852-715-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1872-748-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1936-512-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1936-524-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1940-408-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1944-286-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1944-272-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1952-575-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1952-563-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/1968-792-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2004-301-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2096-162-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2096-177-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2144-601-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2144-613-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2152-726-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2184-18-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2184-36-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2216-208-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2216-193-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2240-562-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2240-550-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2248-770-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2284-11-0x0000000000720000-0x0000000000724000-memory.dmp

Filesize
16KB

Download
memory/2284-0-0x0000000000A90000-0x0000000000CBF000-memory.dmp

Filesize
2.2MB

Download
memory/2284-17-0x0000000000A90000-0x0000000000CBF000-memory.dmp

Filesize
2.2MB

Download
memory/2352-460-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2492-409-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2492-421-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2512-68-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2512-83-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2528-384-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2528-372-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2548-67-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2548-52-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2552-649-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2576-660-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2596-318-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2596-333-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2620-35-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2620-51-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2676-638-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2688-359-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2688-371-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2712-626-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2712-614-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2720-847-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2724-334-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2724-433-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2724-346-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2756-358-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2764-682-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2804-84-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2804-99-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2832-704-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2848-511-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2896-587-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2900-737-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2920-474-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2920-486-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/2928-759-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/3008-256-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/3008-271-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/3024-435-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download
memory/3024-422-0x00000000012E0000-0x000000000150F000-memory.dmp

Filesize
2.2MB

Download