Checks computer location settings

Looks up country code configured in the registry, likely geofence.

Deletes itself

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Infostealers often target stored browser data, which can include saved credentials etc.

Drops desktop.ini file(s)

Indicator Removal: File Deletion

Adversaries may delete files left behind by the actions of their intrusion activity.

Drops file in System32 directory

Sets desktop wallpaper using registry

Suspicious use of NtSetInformationThreadHideFromDebugger