Analysis
-
max time kernel
150s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20241007-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20241007-en locale:en-us os:windows10-2004-x64 system -
submitted
26-11-2024 07:34
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20241010-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20241007-en
General
-
Target
file.exe
-
Size
879KB
-
MD5
4b1e6b39e13bf7c665e4ed51f4e49411
-
SHA1
2b58537f6039444ca4920245a2854f4368c9ded5
-
SHA256
f361f5ec213b861dc4a76eb2835d70e6739321539ad216ea5dc416c1dc026528
-
SHA512
c9a1d462e724c723654cb43097fe0ad6d1219c0d39a786266343d9728c9934a22e76beba923e1ca03f28b5f1c0dc21fdc85088d4eda228b369004178764532a6
-
SSDEEP
24576:lHcxScGuA5eXL3zjNaYgMcg9L/KC3wPRku02nwYBhX:xLgAGN3ghgRlwPRv1
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation file.exe -
Executes dropped EXE 64 IoCs
Loads dropped DLL 64 IoCs
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language IdrInit.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3880 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe" SW_HIDE2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3680 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4768 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4844 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4848 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1860 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"7⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4732 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"8⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1496 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"9⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1628 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"10⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2136 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"11⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3992 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"12⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4360 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"13⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2228 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"14⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3620 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"15⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:908 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"16⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2748 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"17⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3204 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"18⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3260 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"19⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:5072 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"20⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1224 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"21⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1012 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"22⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3540 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"23⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2232 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"24⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4340 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"25⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1008 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"26⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1548 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"27⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3020 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"28⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2812 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"29⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1832 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"30⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:1676 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"31⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:2856 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"32⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:5104 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"33⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:4260 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"34⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4716 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"35⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3532 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"36⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1344 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"37⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2640 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"38⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1684 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"39⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4424 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"40⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4160 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"41⤵
- Executes dropped EXE
- Loads dropped DLL
PID:628 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"42⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1236 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"43⤵
- Executes dropped EXE
- Loads dropped DLL
PID:456 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"44⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3880 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"45⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3504 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"46⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1208 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"47⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3280 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"48⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2912 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"49⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1536 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"50⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1860 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"51⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1640 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"52⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2440 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"53⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1496 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"54⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1200 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"55⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2832 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"56⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1600 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"57⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2516 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"58⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4360 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"59⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4344 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"60⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3776 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"61⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4476 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"62⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4232 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"63⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1940 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"64⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1508 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"65⤵
- Executes dropped EXE
- Loads dropped DLL
PID:4384 -
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"66⤵PID:2436
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"67⤵PID:1656
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"68⤵PID:1936
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"69⤵PID:1440
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"70⤵PID:3200
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"71⤵PID:1812
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"72⤵PID:2044
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"73⤵PID:4436
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"74⤵PID:4904
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"75⤵PID:2764
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"76⤵PID:4376
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"77⤵PID:3380
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"78⤵PID:4696
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"79⤵PID:1836
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"80⤵PID:4516
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"81⤵PID:680
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"82⤵PID:4608
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"83⤵PID:2988
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"84⤵PID:3656
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"85⤵PID:3044
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"86⤵PID:4320
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"87⤵PID:3316
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"88⤵PID:4824
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"89⤵PID:5012
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"90⤵PID:1556
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"91⤵PID:2104
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"92⤵PID:3212
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"93⤵PID:4832
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"94⤵PID:1868
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"95⤵PID:4228
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"96⤵PID:1580
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"97⤵PID:1928
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"98⤵PID:4732
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"99⤵PID:4224
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"100⤵PID:4788
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"101⤵PID:3016
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"102⤵PID:1368
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"103⤵PID:4884
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"104⤵PID:2516
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"105⤵PID:4360
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"106⤵PID:4344
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"107⤵PID:3776
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"108⤵PID:4388
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"109⤵PID:720
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"110⤵PID:4680
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"111⤵PID:5036
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"112⤵PID:4812
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"113⤵PID:2296
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"114⤵PID:4392
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"115⤵PID:1656
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"116⤵PID:1936
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"117⤵PID:3480
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"118⤵PID:3200
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"119⤵PID:3020
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"120⤵PID:2044
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"121⤵PID:4436
-
C:\programdata\police\IdrInit.exe"C:\programdata\police\IdrInit.exe"122⤵PID:4904