35afd6971fb23d04f2bf72d505cb4bcd956c7b97ba002495a071fb94686969e7

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
04-02-2025 08:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

new.exe
Size

1.4MB
MD5

9549b9ff42af2fdd1943a1cb5e41baff
SHA1

bf30c30071ea553e0bc2a01aa2ebad1d2cef8868
SHA256

f0890236561509ebdba4da6afbd92c6684a454c80edecba802f7e72cdfa6db6b
SHA512

1ce8671893d354b5ec340ef03ad5583216e1d1a6191442fd5368a353d2515810afdb5dee2f29801e018de6736c0667fee6ec1961e7af04b3e6ab66346c30aaca
SSDEEP

24576:KqDEvCTbMWu7rQYlBQcBiT6rprG8aLxnmUItiv3cXziE1ToL8X/6P:KTvC/MTQYxsWR7aLxnmUj/Oz72Av

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.vbs	chrome.exe

Executes dropped EXE 64 IoCs

pid	Process
2920	chrome.exe
2636	chrome.exe
2640	chrome.exe
2124	chrome.exe
2844	chrome.exe
1972	chrome.exe
2072	chrome.exe
1560	chrome.exe
2504	chrome.exe
1036	chrome.exe
1652	chrome.exe
2756	chrome.exe
2168	chrome.exe
1032	chrome.exe
2880	chrome.exe
1192	chrome.exe
880	chrome.exe
2136	chrome.exe
2992	chrome.exe
2368	chrome.exe
1636	chrome.exe
2972	chrome.exe
2284	chrome.exe
1896	chrome.exe
2052	chrome.exe
2792	chrome.exe
2932	chrome.exe
2580	chrome.exe
2608	chrome.exe
1524	chrome.exe
344	chrome.exe
2308	chrome.exe
1716	chrome.exe
2040	chrome.exe
1852	chrome.exe
1928	chrome.exe
2364	chrome.exe
296	chrome.exe
704	chrome.exe
1124	chrome.exe
2200	chrome.exe
2024	chrome.exe
752	chrome.exe
3000	chrome.exe
2384	chrome.exe
3064	chrome.exe
1628	chrome.exe
2300	chrome.exe
2724	chrome.exe
2836	chrome.exe
2664	chrome.exe
772	chrome.exe
2604	chrome.exe
1452	chrome.exe
2036	chrome.exe
2592	chrome.exe
1212	chrome.exe
2736	chrome.exe
2356	chrome.exe
2912	chrome.exe
804	chrome.exe
584	chrome.exe
1984	chrome.exe
1764	chrome.exe

Loads dropped DLL 1 IoCs

pid	Process
1992	new.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0007000000016d68-13.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1992	new.exe
1992	new.exe
2920	chrome.exe
2920	chrome.exe
2636	chrome.exe
2636	chrome.exe
2640	chrome.exe
2640	chrome.exe
2124	chrome.exe
2124	chrome.exe
2844	chrome.exe
2844	chrome.exe
1972	chrome.exe
1972	chrome.exe
2072	chrome.exe
2072	chrome.exe
1560	chrome.exe
1560	chrome.exe
2504	chrome.exe
2504	chrome.exe
1036	chrome.exe
1036	chrome.exe
1652	chrome.exe
1652	chrome.exe
2756	chrome.exe
2756	chrome.exe
2168	chrome.exe
2168	chrome.exe
1032	chrome.exe
1032	chrome.exe
2880	chrome.exe
2880	chrome.exe
1192	chrome.exe
1192	chrome.exe
880	chrome.exe
880	chrome.exe
2136	chrome.exe
2136	chrome.exe
2992	chrome.exe
2992	chrome.exe
2368	chrome.exe
2368	chrome.exe
1636	chrome.exe
1636	chrome.exe
2972	chrome.exe
2972	chrome.exe
2284	chrome.exe
2284	chrome.exe
1896	chrome.exe
1896	chrome.exe
2052	chrome.exe
2052	chrome.exe
2792	chrome.exe
2792	chrome.exe
2932	chrome.exe
2932	chrome.exe
2580	chrome.exe
2580	chrome.exe
2608	chrome.exe
2608	chrome.exe
1524	chrome.exe
1524	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1992	new.exe
1992	new.exe
2920	chrome.exe
2920	chrome.exe
2636	chrome.exe
2636	chrome.exe
2640	chrome.exe
2640	chrome.exe
2124	chrome.exe
2124	chrome.exe
2844	chrome.exe
2844	chrome.exe
1972	chrome.exe
1972	chrome.exe
2072	chrome.exe
2072	chrome.exe
1560	chrome.exe
1560	chrome.exe
2504	chrome.exe
2504	chrome.exe
1036	chrome.exe
1036	chrome.exe
1652	chrome.exe
1652	chrome.exe
2756	chrome.exe
2756	chrome.exe
2168	chrome.exe
2168	chrome.exe
1032	chrome.exe
1032	chrome.exe
2880	chrome.exe
2880	chrome.exe
1192	chrome.exe
1192	chrome.exe
880	chrome.exe
880	chrome.exe
2136	chrome.exe
2136	chrome.exe
2992	chrome.exe
2992	chrome.exe
2368	chrome.exe
2368	chrome.exe
1636	chrome.exe
1636	chrome.exe
2972	chrome.exe
2972	chrome.exe
2284	chrome.exe
2284	chrome.exe
1896	chrome.exe
1896	chrome.exe
2052	chrome.exe
2052	chrome.exe
2792	chrome.exe
2792	chrome.exe
2932	chrome.exe
2932	chrome.exe
2580	chrome.exe
2580	chrome.exe
2608	chrome.exe
2608	chrome.exe
1524	chrome.exe
1524	chrome.exe
344	chrome.exe
344	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 2920	1992	new.exe	31
PID 1992 wrote to memory of 2920	1992	new.exe	31
PID 1992 wrote to memory of 2920	1992	new.exe	31
PID 1992 wrote to memory of 2920	1992	new.exe	31
PID 2920 wrote to memory of 2636	2920	chrome.exe	32
PID 2920 wrote to memory of 2636	2920	chrome.exe	32
PID 2920 wrote to memory of 2636	2920	chrome.exe	32
PID 2920 wrote to memory of 2636	2920	chrome.exe	32
PID 2636 wrote to memory of 2640	2636	chrome.exe	33
PID 2636 wrote to memory of 2640	2636	chrome.exe	33
PID 2636 wrote to memory of 2640	2636	chrome.exe	33
PID 2636 wrote to memory of 2640	2636	chrome.exe	33
PID 2640 wrote to memory of 2124	2640	chrome.exe	34
PID 2640 wrote to memory of 2124	2640	chrome.exe	34
PID 2640 wrote to memory of 2124	2640	chrome.exe	34
PID 2640 wrote to memory of 2124	2640	chrome.exe	34
PID 2124 wrote to memory of 2844	2124	chrome.exe	35
PID 2124 wrote to memory of 2844	2124	chrome.exe	35
PID 2124 wrote to memory of 2844	2124	chrome.exe	35
PID 2124 wrote to memory of 2844	2124	chrome.exe	35
PID 2844 wrote to memory of 1972	2844	chrome.exe	36
PID 2844 wrote to memory of 1972	2844	chrome.exe	36
PID 2844 wrote to memory of 1972	2844	chrome.exe	36
PID 2844 wrote to memory of 1972	2844	chrome.exe	36
PID 1972 wrote to memory of 2072	1972	chrome.exe	37
PID 1972 wrote to memory of 2072	1972	chrome.exe	37
PID 1972 wrote to memory of 2072	1972	chrome.exe	37
PID 1972 wrote to memory of 2072	1972	chrome.exe	37
PID 2072 wrote to memory of 1560	2072	chrome.exe	38
PID 2072 wrote to memory of 1560	2072	chrome.exe	38
PID 2072 wrote to memory of 1560	2072	chrome.exe	38
PID 2072 wrote to memory of 1560	2072	chrome.exe	38
PID 1560 wrote to memory of 2504	1560	chrome.exe	39
PID 1560 wrote to memory of 2504	1560	chrome.exe	39
PID 1560 wrote to memory of 2504	1560	chrome.exe	39
PID 1560 wrote to memory of 2504	1560	chrome.exe	39
PID 2504 wrote to memory of 1036	2504	chrome.exe	40
PID 2504 wrote to memory of 1036	2504	chrome.exe	40
PID 2504 wrote to memory of 1036	2504	chrome.exe	40
PID 2504 wrote to memory of 1036	2504	chrome.exe	40
PID 1036 wrote to memory of 1652	1036	chrome.exe	41
PID 1036 wrote to memory of 1652	1036	chrome.exe	41
PID 1036 wrote to memory of 1652	1036	chrome.exe	41
PID 1036 wrote to memory of 1652	1036	chrome.exe	41
PID 1652 wrote to memory of 2756	1652	chrome.exe	42
PID 1652 wrote to memory of 2756	1652	chrome.exe	42
PID 1652 wrote to memory of 2756	1652	chrome.exe	42
PID 1652 wrote to memory of 2756	1652	chrome.exe	42
PID 2756 wrote to memory of 2168	2756	chrome.exe	43
PID 2756 wrote to memory of 2168	2756	chrome.exe	43
PID 2756 wrote to memory of 2168	2756	chrome.exe	43
PID 2756 wrote to memory of 2168	2756	chrome.exe	43
PID 2168 wrote to memory of 1032	2168	chrome.exe	44
PID 2168 wrote to memory of 1032	2168	chrome.exe	44
PID 2168 wrote to memory of 1032	2168	chrome.exe	44
PID 2168 wrote to memory of 1032	2168	chrome.exe	44
PID 1032 wrote to memory of 2880	1032	chrome.exe	45
PID 1032 wrote to memory of 2880	1032	chrome.exe	45
PID 1032 wrote to memory of 2880	1032	chrome.exe	45
PID 1032 wrote to memory of 2880	1032	chrome.exe	45
PID 2880 wrote to memory of 1192	2880	chrome.exe	46
PID 2880 wrote to memory of 1192	2880	chrome.exe	46
PID 2880 wrote to memory of 1192	2880	chrome.exe	46
PID 2880 wrote to memory of 1192	2880	chrome.exe	46

C:\Users\Admin\AppData\Local\Temp\new.exe
"C:\Users\Admin\AppData\Local\Temp\new.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\directory\chrome.exe
  "C:\Users\Admin\AppData\Local\Temp\new.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2920
- - C:\Users\Admin\AppData\Local\directory\chrome.exe
    "C:\Users\Admin\AppData\Local\directory\chrome.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2636
  - - C:\Users\Admin\AppData\Local\directory\chrome.exe
      "C:\Users\Admin\AppData\Local\directory\chrome.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:2640
    - - C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2124
      - C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1972
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1560
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        10⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2504
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1036
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1652
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2168
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2880
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1192
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        18⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:880
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2136
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        20⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        21⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2368
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        22⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        24⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2284
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        25⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1896
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2052
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        27⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2932
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2580
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        31⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1524
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        32⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:344
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        33⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2308
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        34⤵
        Executes dropped EXE
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        35⤵
        Executes dropped EXE
        
        PID:2040
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        36⤵
        Executes dropped EXE
        
        PID:1852
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        37⤵
        Executes dropped EXE
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        39⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:296
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        40⤵
        Executes dropped EXE
        
        PID:704
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        41⤵
        Executes dropped EXE
        
        PID:1124
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        42⤵
        Executes dropped EXE
        
        PID:2200
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        43⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        44⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        45⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3000
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        46⤵
        Executes dropped EXE
        
        PID:2384
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        47⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        48⤵
        Executes dropped EXE
        
        PID:1628
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        49⤵
        Executes dropped EXE
        
        PID:2300
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        50⤵
        Executes dropped EXE
        
        PID:2724
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        51⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2836
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        53⤵
        Executes dropped EXE
        
        PID:772
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        54⤵
        Executes dropped EXE
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        55⤵
        Executes dropped EXE
        
        PID:1452
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        56⤵
        Executes dropped EXE
        
        PID:2036
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        58⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1212
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        59⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        60⤵
        Executes dropped EXE
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        61⤵
        Executes dropped EXE
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        62⤵
        Executes dropped EXE
        
        PID:804
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        63⤵
        Executes dropped EXE
        
        PID:584
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        64⤵
        Executes dropped EXE
        
        PID:1984
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        65⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        66⤵
        System Location Discovery: System Language Discovery
        
        PID:304
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        67⤵
        System Location Discovery: System Language Discovery
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:2184
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        69⤵
        System Location Discovery: System Language Discovery
        
        PID:1956
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        70⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        71⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        72⤵
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        73⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        74⤵
        
        PID:2532
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        75⤵
        System Location Discovery: System Language Discovery
        
        PID:1936
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        77⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        78⤵
        System Location Discovery: System Language Discovery
        
        PID:784
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        79⤵
        
        PID:2876
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        80⤵
        
        PID:2112
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        81⤵
        
        PID:552
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        82⤵
        
        PID:1280
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        83⤵
        
        PID:904
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        84⤵
        
        PID:1880
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        85⤵
        
        PID:2776
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:1720
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        87⤵
        
        PID:1740
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        88⤵
        
        PID:1884
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        89⤵
        System Location Discovery: System Language Discovery
        
        PID:2864
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        90⤵
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        91⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        92⤵
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        93⤵
        
        PID:1156
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        94⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        95⤵
        
        PID:844
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        96⤵
        
        PID:2768
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        97⤵
        
        PID:1236
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        98⤵
        
        PID:2160
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        99⤵
        
        PID:916
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        100⤵
        
        PID:1772
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        102⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:1684
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        104⤵
        System Location Discovery: System Language Discovery
        
        PID:1920
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        105⤵
        System Location Discovery: System Language Discovery
        
        PID:1188
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        106⤵
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        107⤵
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        108⤵
        
        PID:836
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        109⤵
        
        PID:1596
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        110⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        111⤵
        
        PID:2712
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:3012
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        113⤵
        
        PID:2172
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        114⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        115⤵
        System Location Discovery: System Language Discovery
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        116⤵
        System Location Discovery: System Language Discovery
        
        PID:1344
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        117⤵
        
        PID:564
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        118⤵
        
        PID:1552
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        119⤵
        
        PID:2252
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        120⤵
        
        PID:3040
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        121⤵
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        122⤵
        
        PID:3028
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        123⤵
        System Location Discovery: System Language Discovery
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        124⤵
        
        PID:2096
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        125⤵
        
        PID:1648
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        126⤵
        System Location Discovery: System Language Discovery
        
        PID:1084
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        127⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        128⤵
        
        PID:1800
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        129⤵
        
        PID:840
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        130⤵
        
        PID:2720
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        131⤵
        
        PID:1688
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        132⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        133⤵
        System Location Discovery: System Language Discovery
        
        PID:492
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        134⤵
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        135⤵
        
        PID:2732
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        136⤵
        
        PID:1272
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        137⤵
        
        PID:2164
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        138⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        139⤵
        
        PID:852
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        142⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        143⤵
        
        PID:2528
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        144⤵
        
        PID:1708
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        145⤵
        
        PID:464
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        146⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        147⤵
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        148⤵
        
        PID:2180
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        149⤵
        
        PID:2436
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        150⤵
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        151⤵
        System Location Discovery: System Language Discovery
        
        PID:2588
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        152⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        153⤵
        System Location Discovery: System Language Discovery
        
        PID:676
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        154⤵
        
        PID:2196
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        155⤵
        
        PID:1792
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        156⤵
        System Location Discovery: System Language Discovery
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        157⤵
        
        PID:2812
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        158⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        159⤵
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        160⤵
        
        PID:2516
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        161⤵
        
        PID:1876
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        162⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        163⤵
        System Location Discovery: System Language Discovery
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        164⤵
        System Location Discovery: System Language Discovery
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        165⤵
        
        PID:2644
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        166⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        167⤵
        System Location Discovery: System Language Discovery
        
        PID:1316
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        168⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        169⤵
        
        PID:3008
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        170⤵
        System Location Discovery: System Language Discovery
        
        PID:2092
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        171⤵
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        172⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        173⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        174⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        175⤵
        
        PID:1980
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        176⤵
        
        PID:2144
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        177⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        178⤵
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        179⤵
        
        PID:2076
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        180⤵
        
        PID:1472
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        181⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        182⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        183⤵
        
        PID:2984
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        184⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        185⤵
        
        PID:1100
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:2692
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:264
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        188⤵
        System Location Discovery: System Language Discovery
        
        PID:1268
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        189⤵
        System Location Discovery: System Language Discovery
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        190⤵
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        191⤵
        
        PID:2656
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        192⤵
        System Location Discovery: System Language Discovery
        
        PID:648
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        193⤵
        
        PID:2976
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        194⤵
        System Location Discovery: System Language Discovery
        
        PID:2380
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        195⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        196⤵
        System Location Discovery: System Language Discovery
        
        PID:1724
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        197⤵
        
        PID:1704
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        199⤵
        System Location Discovery: System Language Discovery
        
        PID:3108
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        200⤵
        
        PID:3160
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        201⤵
        
        PID:3216
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        202⤵
        
        PID:3268
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        203⤵
        
        PID:3324
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        204⤵
        
        PID:3376
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        205⤵
        
        PID:3432
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        206⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        207⤵
        
        PID:3540
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        208⤵
        
        PID:3596
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        209⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        210⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        211⤵
        System Location Discovery: System Language Discovery
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        212⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        213⤵
        
        PID:3868
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        214⤵
        System Location Discovery: System Language Discovery
        
        PID:3924
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        215⤵
        
        PID:3976
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        216⤵
        
        PID:4032
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        217⤵
        
        PID:4084
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        218⤵
        
        PID:3120
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        219⤵
        
        PID:3180
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        220⤵
        
        PID:3240
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        221⤵
        
        PID:3300
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\directory\chrome.exe
        
        "C:\Users\Admin\AppData\Local\directory\chrome.exe"
        223⤵
        System Location Discovery: System Language Discovery
        
        PID:3424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Dalis

Filesize
483KB

MD5
a34be9ea8580f708ad9968c443210cca

SHA1
8ccb6a23472c83acd9d70ffc2c50410fa838b119

SHA256
f58769047375e958921933cfb3763c0ab1e3171b577f1b4ed519685064997424

SHA512
22a7a24cc2fb62ce7ecccde2a110e77ef12b38da801d297f1cdaf2764d3529ce5175378d8debcf6fd468909578aab2b1cf5bc0f03fed57c484514f63d142a890

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gehman

Filesize
84KB

MD5
c8d4b14b9e0ddee2c651317473410eae

SHA1
bb5205bfeca473a57894e8498c02897d619b7a83

SHA256
f4ee6ff1f55b128ad21a50d74ba2d29c4030439e5e1a0b6addb7a2aa32d675ce

SHA512
cbdeca79b15d75ae0860215bc3329ccd1ecd9587e58640160ce6c3329047f0a31258ceb1567111b69cf0df7e3c0fb7f41dee5c4fa337a2254cc1e122fee34125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gehman

Filesize
64KB

MD5
e9e78a254de23c70d99e5f3f5481cfd8

SHA1
e70ebf5431ea6dd5c9d3541d2be86394a79dce29

SHA256
0ae68e5fb5370bf311f0aa24fb2c31cecb63fc9ab289815f4030b10aaf8223a6

SHA512
5d0707d1a89ba932a8f5dbc862ea144017e34ddb07c088ba2ca1b14dd4d7af36147414cc0ec8584913714eac218d100db31093194d711b160c662dc562eaaa05

Download Submit
C:\Users\Admin\AppData\Local\Temp\autDDD1.tmp

Filesize
407KB

MD5
d2f208eaa0db50f7f4d58d343eb7f641

SHA1
dd1711fdc533ef8d597a4b9844323ccf0d83d5c2

SHA256
437d7d5c8bf860e33b1a6b93e139433f17d82f24ee1e89352ae4bcf571c267d1

SHA512
a640352082d69daee0ebe10e46432f77fcfd2a7accb3447e54c2eac2d7b6d36fe1f3b48af1deb5401abebc39a6a6b60a070f7a0f1ef06e9f4b2b7b71b3f4470e

Download Submit
C:\Users\Admin\AppData\Local\Temp\autDDE2.tmp

Filesize
42KB

MD5
9759246f068c11cf1caa5f553b94dee2

SHA1
6556e0febfbf1b08c2b98f01cd4670baffa0f359

SHA256
2ea2e726d82609c1a28d5200c46a52c8fc9612496e4e4c71f09c658868962748

SHA512
cee5ee112d2c8b98b472388f147496ac4b0cbd3b71f7ad2532b84b78284f16459510511d8291511de766081654c91d62de794590930a2ef02caeae2860c2e045

Download Submit
\Users\Admin\AppData\Local\directory\chrome.exe

Filesize
1.4MB

MD5
9549b9ff42af2fdd1943a1cb5e41baff

SHA1
bf30c30071ea553e0bc2a01aa2ebad1d2cef8868

SHA256
f0890236561509ebdba4da6afbd92c6684a454c80edecba802f7e72cdfa6db6b

SHA512
1ce8671893d354b5ec340ef03ad5583216e1d1a6191442fd5368a353d2515810afdb5dee2f29801e018de6736c0667fee6ec1961e7af04b3e6ab66346c30aaca

Download Submit
memory/1992-11-0x00000000001A0000-0x00000000001A4000-memory.dmp

Filesize
16KB

Download