dae58399dbf49ac2269a970ba541d72cf6d5944d31b17c82da8949f93bbedfa6

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
06/09/2024, 01:49

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Purchase Order List.exe
Size

1.1MB
MD5

8dfd650a9b0f181ff321c4a3c113eb1d
SHA1

051f9054fc2cf32e5b10368aa9a1e0047bcc66dc
SHA256

eb319b569dc77160528d3ba68ece7ed3f7fad632cc318a7ea8eeda7f85b2f178
SHA512

434e615b3de280e0f6bc409263b5b04473c1e40667941f0aa2dfaa98b5b555476c77ccac42f98cc0e9b987b0c6674d2c4a100478f23d6f9871efef66051b7ef3
SSDEEP

24576:zAHnh+eWsN3skA4RV1Hom2KXMmHaoFIE9YOiR5:+h+ZkldoPK8Yao6Ig

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\name.vbs	name.exe

Executes dropped EXE 64 IoCs

pid	Process
1260	name.exe
2728	name.exe
2724	name.exe
2988	name.exe
2596	name.exe
2056	name.exe
2820	name.exe
2816	name.exe
2968	name.exe
1472	name.exe
1508	name.exe
2396	name.exe
2312	name.exe
1608	name.exe
3032	name.exe
2424	name.exe
2224	name.exe
2260	name.exe
2332	name.exe
468	name.exe
1904	name.exe
1592	name.exe
3000	name.exe
2880	name.exe
2732	name.exe
2620	name.exe
2296	name.exe
2812	name.exe
2700	name.exe
2936	name.exe
2584	name.exe
624	name.exe
2084	name.exe
948	name.exe
2132	name.exe
352	name.exe
1664	name.exe
324	name.exe
1780	name.exe
1848	name.exe
2004	name.exe
604	name.exe
3008	name.exe
1908	name.exe
1864	name.exe
1832	name.exe
2852	name.exe
2900	name.exe
2496	name.exe
2032	name.exe
2356	name.exe
2828	name.exe
2668	name.exe
1800	name.exe
980	name.exe
1512	name.exe
236	name.exe
1600	name.exe
2460	name.exe
2080	name.exe
1496	name.exe
3060	name.exe
2216	name.exe
2404	name.exe

Loads dropped DLL 1 IoCs

pid	Process
2508	Purchase Order List.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x000900000001642d-14.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	name.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2508	Purchase Order List.exe
2508	Purchase Order List.exe
1260	name.exe
1260	name.exe
2728	name.exe
2728	name.exe
2724	name.exe
2724	name.exe
2988	name.exe
2988	name.exe
2596	name.exe
2596	name.exe
2056	name.exe
2056	name.exe
2820	name.exe
2820	name.exe
2816	name.exe
2816	name.exe
2968	name.exe
2968	name.exe
1472	name.exe
1472	name.exe
1508	name.exe
1508	name.exe
2396	name.exe
2396	name.exe
2312	name.exe
2312	name.exe
1608	name.exe
1608	name.exe
3032	name.exe
3032	name.exe
2424	name.exe
2424	name.exe
2224	name.exe
2224	name.exe
2260	name.exe
2260	name.exe
2332	name.exe
2332	name.exe
468	name.exe
468	name.exe
1904	name.exe
1904	name.exe
1592	name.exe
1592	name.exe
3000	name.exe
3000	name.exe
2880	name.exe
2880	name.exe
2732	name.exe
2732	name.exe
2620	name.exe
2620	name.exe
2296	name.exe
2296	name.exe
2812	name.exe
2812	name.exe
2700	name.exe
2700	name.exe
2936	name.exe
2936	name.exe
2584	name.exe
2584	name.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2508	Purchase Order List.exe
2508	Purchase Order List.exe
1260	name.exe
1260	name.exe
2728	name.exe
2728	name.exe
2724	name.exe
2724	name.exe
2988	name.exe
2988	name.exe
2596	name.exe
2596	name.exe
2056	name.exe
2056	name.exe
2820	name.exe
2820	name.exe
2816	name.exe
2816	name.exe
2968	name.exe
2968	name.exe
1472	name.exe
1472	name.exe
1508	name.exe
1508	name.exe
2396	name.exe
2396	name.exe
2312	name.exe
2312	name.exe
1608	name.exe
1608	name.exe
3032	name.exe
3032	name.exe
2424	name.exe
2424	name.exe
2224	name.exe
2224	name.exe
2260	name.exe
2260	name.exe
2332	name.exe
2332	name.exe
468	name.exe
468	name.exe
1904	name.exe
1904	name.exe
1592	name.exe
1592	name.exe
3000	name.exe
3000	name.exe
2880	name.exe
2880	name.exe
2732	name.exe
2732	name.exe
2620	name.exe
2620	name.exe
2296	name.exe
2296	name.exe
2812	name.exe
2812	name.exe
2700	name.exe
2700	name.exe
2936	name.exe
2936	name.exe
2584	name.exe
2584	name.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2508 wrote to memory of 1260	2508	Purchase Order List.exe	30
PID 2508 wrote to memory of 1260	2508	Purchase Order List.exe	30
PID 2508 wrote to memory of 1260	2508	Purchase Order List.exe	30
PID 2508 wrote to memory of 1260	2508	Purchase Order List.exe	30
PID 1260 wrote to memory of 2728	1260	name.exe	31
PID 1260 wrote to memory of 2728	1260	name.exe	31
PID 1260 wrote to memory of 2728	1260	name.exe	31
PID 1260 wrote to memory of 2728	1260	name.exe	31
PID 2728 wrote to memory of 2724	2728	name.exe	32
PID 2728 wrote to memory of 2724	2728	name.exe	32
PID 2728 wrote to memory of 2724	2728	name.exe	32
PID 2728 wrote to memory of 2724	2728	name.exe	32
PID 2724 wrote to memory of 2988	2724	name.exe	33
PID 2724 wrote to memory of 2988	2724	name.exe	33
PID 2724 wrote to memory of 2988	2724	name.exe	33
PID 2724 wrote to memory of 2988	2724	name.exe	33
PID 2988 wrote to memory of 2596	2988	name.exe	34
PID 2988 wrote to memory of 2596	2988	name.exe	34
PID 2988 wrote to memory of 2596	2988	name.exe	34
PID 2988 wrote to memory of 2596	2988	name.exe	34
PID 2596 wrote to memory of 2056	2596	name.exe	35
PID 2596 wrote to memory of 2056	2596	name.exe	35
PID 2596 wrote to memory of 2056	2596	name.exe	35
PID 2596 wrote to memory of 2056	2596	name.exe	35
PID 2056 wrote to memory of 2820	2056	name.exe	36
PID 2056 wrote to memory of 2820	2056	name.exe	36
PID 2056 wrote to memory of 2820	2056	name.exe	36
PID 2056 wrote to memory of 2820	2056	name.exe	36
PID 2820 wrote to memory of 2816	2820	name.exe	37
PID 2820 wrote to memory of 2816	2820	name.exe	37
PID 2820 wrote to memory of 2816	2820	name.exe	37
PID 2820 wrote to memory of 2816	2820	name.exe	37
PID 2816 wrote to memory of 2968	2816	name.exe	38
PID 2816 wrote to memory of 2968	2816	name.exe	38
PID 2816 wrote to memory of 2968	2816	name.exe	38
PID 2816 wrote to memory of 2968	2816	name.exe	38
PID 2968 wrote to memory of 1472	2968	name.exe	39
PID 2968 wrote to memory of 1472	2968	name.exe	39
PID 2968 wrote to memory of 1472	2968	name.exe	39
PID 2968 wrote to memory of 1472	2968	name.exe	39
PID 1472 wrote to memory of 1508	1472	name.exe	40
PID 1472 wrote to memory of 1508	1472	name.exe	40
PID 1472 wrote to memory of 1508	1472	name.exe	40
PID 1472 wrote to memory of 1508	1472	name.exe	40
PID 1508 wrote to memory of 2396	1508	name.exe	41
PID 1508 wrote to memory of 2396	1508	name.exe	41
PID 1508 wrote to memory of 2396	1508	name.exe	41
PID 1508 wrote to memory of 2396	1508	name.exe	41
PID 2396 wrote to memory of 2312	2396	name.exe	42
PID 2396 wrote to memory of 2312	2396	name.exe	42
PID 2396 wrote to memory of 2312	2396	name.exe	42
PID 2396 wrote to memory of 2312	2396	name.exe	42
PID 2312 wrote to memory of 1608	2312	name.exe	43
PID 2312 wrote to memory of 1608	2312	name.exe	43
PID 2312 wrote to memory of 1608	2312	name.exe	43
PID 2312 wrote to memory of 1608	2312	name.exe	43
PID 1608 wrote to memory of 3032	1608	name.exe	44
PID 1608 wrote to memory of 3032	1608	name.exe	44
PID 1608 wrote to memory of 3032	1608	name.exe	44
PID 1608 wrote to memory of 3032	1608	name.exe	44
PID 3032 wrote to memory of 2424	3032	name.exe	45
PID 3032 wrote to memory of 2424	3032	name.exe	45
PID 3032 wrote to memory of 2424	3032	name.exe	45
PID 3032 wrote to memory of 2424	3032	name.exe	45

C:\Users\Admin\AppData\Local\Temp\Purchase Order List.exe
"C:\Users\Admin\AppData\Local\Temp\Purchase Order List.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2508
- C:\Users\Admin\AppData\Local\directory\name.exe
  "C:\Users\Admin\AppData\Local\Temp\Purchase Order List.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1260
- - C:\Users\Admin\AppData\Local\directory\name.exe
    "C:\Users\Admin\AppData\Local\directory\name.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2728
  - - C:\Users\Admin\AppData\Local\directory\name.exe
      "C:\Users\Admin\AppData\Local\directory\name.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2724
    - - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2988
      - C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2596
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2056
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2820
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1508
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2396
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2312
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        16⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3032
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        17⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2424
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2224
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2332
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:468
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1592
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        29⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2936
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2584
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        33⤵
        Executes dropped EXE
        
        PID:624
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        34⤵
        Executes dropped EXE
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        35⤵
        Executes dropped EXE
        
        PID:948
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        36⤵
        Executes dropped EXE
        
        PID:2132
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        37⤵
        Executes dropped EXE
        
        PID:352
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        38⤵
        Executes dropped EXE
        
        PID:1664
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        39⤵
        Executes dropped EXE
        
        PID:324
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        40⤵
        Executes dropped EXE
        
        PID:1780
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        41⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        42⤵
        Executes dropped EXE
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        43⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:604
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        44⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        46⤵
        Executes dropped EXE
        
        PID:1864
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        47⤵
        Executes dropped EXE
        
        PID:1832
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        48⤵
        Executes dropped EXE
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        49⤵
        Executes dropped EXE
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        50⤵
        Executes dropped EXE
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2032
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        53⤵
        Executes dropped EXE
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        54⤵
        Executes dropped EXE
        
        PID:2668
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        55⤵
        Executes dropped EXE
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        56⤵
        Executes dropped EXE
        
        PID:980
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        57⤵
        Executes dropped EXE
        
        PID:1512
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:236
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1600
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        60⤵
        Executes dropped EXE
        
        PID:2460
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        62⤵
        Executes dropped EXE
        
        PID:1496
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        63⤵
        Executes dropped EXE
        
        PID:3060
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        64⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        65⤵
        Executes dropped EXE
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        66⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:2676
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        70⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:1556
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        72⤵
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        73⤵
        
        PID:268
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        74⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        75⤵
        
        PID:332
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:448
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        77⤵
        
        PID:956
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        79⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        80⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        81⤵
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        82⤵
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        83⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        84⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        87⤵
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        88⤵
        System Location Discovery: System Language Discovery
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        89⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        90⤵
        
        PID:1432
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        91⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        92⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        93⤵
        System Location Discovery: System Language Discovery
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        94⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        95⤵
        System Location Discovery: System Language Discovery
        
        PID:1756
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        96⤵
        
        PID:880
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        97⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        98⤵
        
        PID:2008
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        99⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        100⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        101⤵
        
        PID:1568
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        102⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        103⤵
        
        PID:2128
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        104⤵
        
        PID:2060
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        105⤵
        
        PID:1932
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        106⤵
        
        PID:1468
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        107⤵
        
        PID:1760
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        108⤵
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        109⤵
        
        PID:3024
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        110⤵
        
        PID:992
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        111⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        112⤵
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        113⤵
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        114⤵
        
        PID:2832
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:2320
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        116⤵
        
        PID:2292
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        117⤵
        
        PID:700
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        119⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        120⤵
        
        PID:2464
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        121⤵
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        122⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        123⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        124⤵
        System Location Discovery: System Language Discovery
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        125⤵
        
        PID:1744
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:1844
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        127⤵
        System Location Discovery: System Language Discovery
        
        PID:1416
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        128⤵
        
        PID:1404
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        129⤵
        
        PID:1240
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        130⤵
        
        PID:2680
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        131⤵
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        132⤵
        System Location Discovery: System Language Discovery
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        134⤵
        System Location Discovery: System Language Discovery
        
        PID:648
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        135⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        136⤵
        
        PID:924
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:1484
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        138⤵
        
        PID:1676
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        139⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        140⤵
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        141⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        143⤵
        System Location Discovery: System Language Discovery
        
        PID:2652
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        144⤵
        
        PID:828
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        145⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        146⤵
        
        PID:2980
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        147⤵
        
        PID:1784
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        148⤵
        
        PID:1644
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        149⤵
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        150⤵
        
        PID:2908
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        151⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        152⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:936
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        154⤵
        
        PID:1328
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        155⤵
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        156⤵
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        157⤵
        
        PID:2840
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        158⤵
        
        PID:1176
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        159⤵
        
        PID:2064
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        160⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        161⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        162⤵
        System Location Discovery: System Language Discovery
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        163⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        164⤵
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        165⤵
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        166⤵
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        167⤵
        
        PID:2016
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:1996
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        169⤵
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2400
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        171⤵
        System Location Discovery: System Language Discovery
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        172⤵
        
        PID:1892
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        173⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        174⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        175⤵
        
        PID:1584
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        176⤵
        System Location Discovery: System Language Discovery
        
        PID:1672
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        177⤵
        
        PID:1680
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        178⤵
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        179⤵
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        180⤵
        
        PID:2120
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        181⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        182⤵
        
        PID:1076
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:1828
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        184⤵
        
        PID:1476
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        185⤵
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        186⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        188⤵
        
        PID:2116
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        189⤵
        
        PID:896
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        190⤵
        
        PID:1208
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        191⤵
        
        PID:2920
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        193⤵
        System Location Discovery: System Language Discovery
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        194⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        195⤵
        System Location Discovery: System Language Discovery
        
        PID:3208
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        196⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        197⤵
        
        PID:3332
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:3388
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        199⤵
        
        PID:3448
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        200⤵
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        201⤵
        System Location Discovery: System Language Discovery
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        202⤵
        
        PID:3620
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        203⤵
        
        PID:3680
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        204⤵
        
        PID:3736
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        205⤵
        System Location Discovery: System Language Discovery
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        206⤵
        
        PID:3852
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        207⤵
        System Location Discovery: System Language Discovery
        
        PID:3912
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        208⤵
        
        PID:3968
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        209⤵
        System Location Discovery: System Language Discovery
        
        PID:4028
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        211⤵
        
        PID:2672
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        212⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:3224
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        215⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        216⤵
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        217⤵
        
        PID:3500
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        218⤵
        
        PID:3576
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        219⤵
        
        PID:3644
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        220⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        221⤵
        System Location Discovery: System Language Discovery
        
        PID:3768
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        222⤵
        
        PID:3840
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        223⤵
        
        PID:3900
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        224⤵
        System Location Discovery: System Language Discovery
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        225⤵
        
        PID:4044
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        226⤵
        
        PID:1640
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        227⤵
        
        PID:3124
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        228⤵
        
        PID:3196
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        229⤵
        
        PID:3284
        
        C:\Users\Admin\AppData\Local\directory\name.exe
        
        "C:\Users\Admin\AppData\Local\directory\name.exe"
        230⤵
        
        PID:3376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Hymenophyllaceae

Filesize
281KB

MD5
94556bc2a7996d3a35263c3ebba22aa4

SHA1
0b1dc6d4847f2621a4a45bd0f58a972bb321e13d

SHA256
e1fdae9dcf10b536f44f53904f4c9325bbf348a259bc3d3798324700deefa823

SHA512
26eacc90e5a58d386fdc6b50a7ac2618c41aa32e906d40b35c3b97ad0b5ba326e4d81e88613132c5d03af63213ebbd065e20d6496bf5acccd0e6b6c2b1b7eed9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hymenophyllaceae

Filesize
281KB

MD5
89a32262b268a7ea9dd102a6da59ab26

SHA1
0b31048b3d9694e75d301271aab0107614e66115

SHA256
14070033fba53f606a548b894e0e3b0e5b24db547f6a1a470250cdead1309dd8

SHA512
b1e79c2a8bdff3555be5147d418655cf0cde264eaee1a9dda1a3068016eed9e4d4b22224314f42c63983dc76c9f79001e7af616d4fc8d19929bf96820fa8209d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hymenophyllaceae

Filesize
281KB

MD5
b359413d8eedc594c546c29418362005

SHA1
20180a55551cd77b90d21912d5cd96ff68d608b9

SHA256
0a9fcc290e4c2823c29c220acb59c955b6ea15fa6fd6f9a338a2f0900995f42c

SHA512
b9b843096c8fd08f813c528bc379f47fd75b8b3ded181e7e5c3815570bcb6d05781b13c6dc87666c30bdedf473650171039d6c1c489c8f0742267e94b85720c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hymenophyllaceae

Filesize
281KB

MD5
99a14f72dfc8404ed8e249a714714b49

SHA1
556824a8788e47b4de58d4f6b5f553e780920243

SHA256
29d3626d99379cb504fc679d02e033f9d2b623dbe00e65715311faa9100ab3ff

SHA512
72c829938bac2972f72865d280b22fc071079ddad314acc4e16258cc5299baaeaa7221f6587d62ab0f77454178e2aba779e5c636efda6ac3540117abb4dd2d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hymenophyllaceae

Filesize
281KB

MD5
070629179372cf6e58563a9fc9a0420a

SHA1
b8dc7414df21926c8c842611dbc95f18e2c3058b

SHA256
5b15c0300c6ab9f326cf93e619eaa4b4ef16f021d7595b75adbfa1e000396071

SHA512
5ac54e42634d74711309b4ce2ab894872d94d17f3bcceb2c81362ed1c883ebb953ac3486656a2dbf74d303c10dcf846b78c6e8d83ecd3551ab131501fec38482

Download Submit
C:\Users\Admin\AppData\Local\Temp\aut8BEC.tmp

Filesize
16KB

MD5
4d21bd17eec07362270ed9dcd5ccf6ba

SHA1
ed35a12ac43280005716fae8a37c41b0c5f4bdb8

SHA256
3c8c2826d6a10c861982b41930552355f3dac718a031062a9d1fc9a6f3a35691

SHA512
a4a6d17186e9fcf8a15fae61fc50f5a8fb898d174d13b8f76b5bed026fd7b9ae7daec234b42ed3cd6832bbc14de9725e68c2d5c47ca1596835c2350c9e3c8504

Download Submit
C:\Users\Admin\AppData\Local\Temp\directiveness

Filesize
252KB

MD5
bc94da22c476fd1049c025f3714754db

SHA1
0461cf514049be3cc7f3db1c662faa2f9d5a0124

SHA256
6d4f21254005179a7e8bb6a917bbc693b9d7f4651a75f8a0013f05f69b4e0759

SHA512
267ce32feb9e67e32526c218fb67bad2098547c0a213a37f78e76299b0c4ac48bc598a65363d411cc0024ac0ce75833ca015da9efc578f75ea0100ee71836c99

Download Submit
\Users\Admin\AppData\Local\directory\name.exe

Filesize
1.1MB

MD5
8dfd650a9b0f181ff321c4a3c113eb1d

SHA1
051f9054fc2cf32e5b10368aa9a1e0047bcc66dc

SHA256
eb319b569dc77160528d3ba68ece7ed3f7fad632cc318a7ea8eeda7f85b2f178

SHA512
434e615b3de280e0f6bc409263b5b04473c1e40667941f0aa2dfaa98b5b555476c77ccac42f98cc0e9b987b0c6674d2c4a100478f23d6f9871efef66051b7ef3

Download Submit
memory/2508-12-0x0000000000A30000-0x0000000000A34000-memory.dmp

Filesize
16KB

Download