aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346

Analysis

max time kernel
150s
max time network
127s
platform
windows7_x64
resource
win7-20241023-en
resource tags

arch:x64arch:x86image:win7-20241023-enlocale:en-usos:windows7-x64system
submitted
07-02-2025 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
Size

1.8MB
MD5

051050fd522fd5c484d66cd783b5add4
SHA1

9420ab564a73c740bad5e30842ca61c213242230
SHA256

aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346
SHA512

0cf52d31f81ebee83e0a0098714c5ee659b34ea81e20a78896d596662aa49c84ffaf057e10a8015530206ed10b287b3bb3add4613af9141c1557ee8df3ec58a1
SSDEEP

49152:gTvC/MTQYxsWR7ais+w7GW6vNeKjQO1s17W9OrU:IjTQYxsWRS76Ve0QIs17gS

Score

7^/10

discovery

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sheitan.vbs	Sheitan.exe

Executes dropped EXE 64 IoCs

pid	Process
1416	Sheitan.exe
2096	Sheitan.exe
580	Sheitan.exe
2836	Sheitan.exe
2940	Sheitan.exe
2228	Sheitan.exe
2816	Sheitan.exe
2260	Sheitan.exe
2888	Sheitan.exe
3020	Sheitan.exe
2856	Sheitan.exe
2884	Sheitan.exe
2708	Sheitan.exe
2764	Sheitan.exe
2520	Sheitan.exe
1900	Sheitan.exe
2752	Sheitan.exe
3064	Sheitan.exe
2904	Sheitan.exe
612	Sheitan.exe
2792	Sheitan.exe
2912	Sheitan.exe
1284	Sheitan.exe
2868	Sheitan.exe
2372	Sheitan.exe
316	Sheitan.exe
1540	Sheitan.exe
2560	Sheitan.exe
2544	Sheitan.exe
1804	Sheitan.exe
2592	Sheitan.exe
2240	Sheitan.exe
2148	Sheitan.exe
548	Sheitan.exe
1096	Sheitan.exe
1256	Sheitan.exe
1048	Sheitan.exe
2068	Sheitan.exe
2552	Sheitan.exe
820	Sheitan.exe
1340	Sheitan.exe
956	Sheitan.exe
2564	Sheitan.exe
1912	Sheitan.exe
2012	Sheitan.exe
1992	Sheitan.exe
2024	Sheitan.exe
920	Sheitan.exe
1764	Sheitan.exe
1480	Sheitan.exe
1080	Sheitan.exe
2352	Sheitan.exe
2216	Sheitan.exe
2188	Sheitan.exe
1544	Sheitan.exe
1692	Sheitan.exe
2072	Sheitan.exe
800	Sheitan.exe
2248	Sheitan.exe
2364	Sheitan.exe
336	Sheitan.exe
2212	Sheitan.exe
1588	Sheitan.exe
1776	Sheitan.exe

Loads dropped DLL 1 IoCs

pid	Process
2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/files/0x0008000000016c66-4.dat	autoit_exe

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sheitan.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
1416	Sheitan.exe
1416	Sheitan.exe
2096	Sheitan.exe
2096	Sheitan.exe
580	Sheitan.exe
580	Sheitan.exe
2836	Sheitan.exe
2836	Sheitan.exe
2940	Sheitan.exe
2940	Sheitan.exe
2228	Sheitan.exe
2228	Sheitan.exe
2816	Sheitan.exe
2816	Sheitan.exe
2260	Sheitan.exe
2260	Sheitan.exe
2888	Sheitan.exe
2888	Sheitan.exe
3020	Sheitan.exe
3020	Sheitan.exe
2856	Sheitan.exe
2856	Sheitan.exe
2884	Sheitan.exe
2884	Sheitan.exe
2708	Sheitan.exe
2708	Sheitan.exe
2764	Sheitan.exe
2764	Sheitan.exe
2520	Sheitan.exe
2520	Sheitan.exe
1900	Sheitan.exe
1900	Sheitan.exe
2752	Sheitan.exe
2752	Sheitan.exe
3064	Sheitan.exe
3064	Sheitan.exe
2904	Sheitan.exe
2904	Sheitan.exe
612	Sheitan.exe
612	Sheitan.exe
2792	Sheitan.exe
2792	Sheitan.exe
2912	Sheitan.exe
2912	Sheitan.exe
1284	Sheitan.exe
1284	Sheitan.exe
2868	Sheitan.exe
2868	Sheitan.exe
2372	Sheitan.exe
2372	Sheitan.exe
316	Sheitan.exe
316	Sheitan.exe
1540	Sheitan.exe
1540	Sheitan.exe
2560	Sheitan.exe
2560	Sheitan.exe
2544	Sheitan.exe
2544	Sheitan.exe
1804	Sheitan.exe
1804	Sheitan.exe
2592	Sheitan.exe
2592	Sheitan.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
1416	Sheitan.exe
1416	Sheitan.exe
2096	Sheitan.exe
2096	Sheitan.exe
580	Sheitan.exe
580	Sheitan.exe
2836	Sheitan.exe
2836	Sheitan.exe
2940	Sheitan.exe
2940	Sheitan.exe
2228	Sheitan.exe
2228	Sheitan.exe
2816	Sheitan.exe
2816	Sheitan.exe
2260	Sheitan.exe
2260	Sheitan.exe
2888	Sheitan.exe
2888	Sheitan.exe
3020	Sheitan.exe
3020	Sheitan.exe
2856	Sheitan.exe
2856	Sheitan.exe
2884	Sheitan.exe
2884	Sheitan.exe
2708	Sheitan.exe
2708	Sheitan.exe
2764	Sheitan.exe
2764	Sheitan.exe
2520	Sheitan.exe
2520	Sheitan.exe
1900	Sheitan.exe
1900	Sheitan.exe
2752	Sheitan.exe
2752	Sheitan.exe
3064	Sheitan.exe
3064	Sheitan.exe
2904	Sheitan.exe
2904	Sheitan.exe
612	Sheitan.exe
612	Sheitan.exe
2792	Sheitan.exe
2792	Sheitan.exe
2912	Sheitan.exe
2912	Sheitan.exe
1284	Sheitan.exe
1284	Sheitan.exe
2868	Sheitan.exe
2868	Sheitan.exe
2372	Sheitan.exe
2372	Sheitan.exe
316	Sheitan.exe
316	Sheitan.exe
1540	Sheitan.exe
1540	Sheitan.exe
2560	Sheitan.exe
2560	Sheitan.exe
2544	Sheitan.exe
2544	Sheitan.exe
1804	Sheitan.exe
1804	Sheitan.exe
2592	Sheitan.exe
2592	Sheitan.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 1416	2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe	30
PID 2040 wrote to memory of 1416	2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe	30
PID 2040 wrote to memory of 1416	2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe	30
PID 2040 wrote to memory of 1416	2040	aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe	30
PID 1416 wrote to memory of 2096	1416	Sheitan.exe	32
PID 1416 wrote to memory of 2096	1416	Sheitan.exe	32
PID 1416 wrote to memory of 2096	1416	Sheitan.exe	32
PID 1416 wrote to memory of 2096	1416	Sheitan.exe	32
PID 2096 wrote to memory of 580	2096	Sheitan.exe	33
PID 2096 wrote to memory of 580	2096	Sheitan.exe	33
PID 2096 wrote to memory of 580	2096	Sheitan.exe	33
PID 2096 wrote to memory of 580	2096	Sheitan.exe	33
PID 580 wrote to memory of 2836	580	Sheitan.exe	34
PID 580 wrote to memory of 2836	580	Sheitan.exe	34
PID 580 wrote to memory of 2836	580	Sheitan.exe	34
PID 580 wrote to memory of 2836	580	Sheitan.exe	34
PID 2836 wrote to memory of 2940	2836	Sheitan.exe	35
PID 2836 wrote to memory of 2940	2836	Sheitan.exe	35
PID 2836 wrote to memory of 2940	2836	Sheitan.exe	35
PID 2836 wrote to memory of 2940	2836	Sheitan.exe	35
PID 2940 wrote to memory of 2228	2940	Sheitan.exe	36
PID 2940 wrote to memory of 2228	2940	Sheitan.exe	36
PID 2940 wrote to memory of 2228	2940	Sheitan.exe	36
PID 2940 wrote to memory of 2228	2940	Sheitan.exe	36
PID 2228 wrote to memory of 2816	2228	Sheitan.exe	37
PID 2228 wrote to memory of 2816	2228	Sheitan.exe	37
PID 2228 wrote to memory of 2816	2228	Sheitan.exe	37
PID 2228 wrote to memory of 2816	2228	Sheitan.exe	37
PID 2816 wrote to memory of 2260	2816	Sheitan.exe	38
PID 2816 wrote to memory of 2260	2816	Sheitan.exe	38
PID 2816 wrote to memory of 2260	2816	Sheitan.exe	38
PID 2816 wrote to memory of 2260	2816	Sheitan.exe	38
PID 2260 wrote to memory of 2888	2260	Sheitan.exe	39
PID 2260 wrote to memory of 2888	2260	Sheitan.exe	39
PID 2260 wrote to memory of 2888	2260	Sheitan.exe	39
PID 2260 wrote to memory of 2888	2260	Sheitan.exe	39
PID 2888 wrote to memory of 3020	2888	Sheitan.exe	40
PID 2888 wrote to memory of 3020	2888	Sheitan.exe	40
PID 2888 wrote to memory of 3020	2888	Sheitan.exe	40
PID 2888 wrote to memory of 3020	2888	Sheitan.exe	40
PID 3020 wrote to memory of 2856	3020	Sheitan.exe	41
PID 3020 wrote to memory of 2856	3020	Sheitan.exe	41
PID 3020 wrote to memory of 2856	3020	Sheitan.exe	41
PID 3020 wrote to memory of 2856	3020	Sheitan.exe	41
PID 2856 wrote to memory of 2884	2856	Sheitan.exe	42
PID 2856 wrote to memory of 2884	2856	Sheitan.exe	42
PID 2856 wrote to memory of 2884	2856	Sheitan.exe	42
PID 2856 wrote to memory of 2884	2856	Sheitan.exe	42
PID 2884 wrote to memory of 2708	2884	Sheitan.exe	43
PID 2884 wrote to memory of 2708	2884	Sheitan.exe	43
PID 2884 wrote to memory of 2708	2884	Sheitan.exe	43
PID 2884 wrote to memory of 2708	2884	Sheitan.exe	43
PID 2708 wrote to memory of 2764	2708	Sheitan.exe	44
PID 2708 wrote to memory of 2764	2708	Sheitan.exe	44
PID 2708 wrote to memory of 2764	2708	Sheitan.exe	44
PID 2708 wrote to memory of 2764	2708	Sheitan.exe	44
PID 2764 wrote to memory of 2520	2764	Sheitan.exe	45
PID 2764 wrote to memory of 2520	2764	Sheitan.exe	45
PID 2764 wrote to memory of 2520	2764	Sheitan.exe	45
PID 2764 wrote to memory of 2520	2764	Sheitan.exe	45
PID 2520 wrote to memory of 1900	2520	Sheitan.exe	46
PID 2520 wrote to memory of 1900	2520	Sheitan.exe	46
PID 2520 wrote to memory of 1900	2520	Sheitan.exe	46
PID 2520 wrote to memory of 1900	2520	Sheitan.exe	46

C:\Users\Admin\AppData\Local\Temp\aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe
"C:\Users\Admin\AppData\Local\Temp\aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe"
1⤵
- Loads dropped DLL
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
  "C:\Users\Admin\AppData\Local\Temp\aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346.exe"
  2⤵
  - Drops startup file
  - Executes dropped EXE
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1416
- - C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
    "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:2096
  - - C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
      "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      Suspicious use of WriteProcessMemory
      PID:580
    - - C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2836
      - C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2940
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2228
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2816
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        9⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2888
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:3020
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        12⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2856
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2884
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        14⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2708
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        15⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2764
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of WriteProcessMemory
        
        PID:2520
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1900
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        18⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2752
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:3064
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        20⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2904
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        21⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:612
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        22⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        23⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2912
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        24⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1284
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        25⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2868
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        26⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        27⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:316
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        28⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1540
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        29⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2560
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        30⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        31⤵
        Executes dropped EXE
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1804
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        32⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:2592
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        33⤵
        Executes dropped EXE
        
        PID:2240
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        34⤵
        Executes dropped EXE
        
        PID:2148
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        35⤵
        Executes dropped EXE
        
        PID:548
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        36⤵
        Executes dropped EXE
        
        PID:1096
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        37⤵
        Executes dropped EXE
        
        PID:1256
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        38⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1048
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        39⤵
        Executes dropped EXE
        
        PID:2068
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        40⤵
        Executes dropped EXE
        
        PID:2552
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        41⤵
        Executes dropped EXE
        
        PID:820
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        42⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1340
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        43⤵
        Executes dropped EXE
        
        PID:956
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        44⤵
        Executes dropped EXE
        
        PID:2564
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        45⤵
        Executes dropped EXE
        
        PID:1912
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        46⤵
        Executes dropped EXE
        
        PID:2012
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        47⤵
        Executes dropped EXE
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        48⤵
        Executes dropped EXE
        
        PID:2024
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        49⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:920
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        50⤵
        Executes dropped EXE
        
        PID:1764
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        51⤵
        Executes dropped EXE
        
        PID:1480
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        52⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1080
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        53⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2352
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        54⤵
        Executes dropped EXE
        
        PID:2216
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        55⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2188
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        56⤵
        Executes dropped EXE
        
        PID:1544
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        57⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1692
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        58⤵
        Executes dropped EXE
        
        PID:2072
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        59⤵
        Executes dropped EXE
        
        PID:800
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        60⤵
        Executes dropped EXE
        
        PID:2248
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        61⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2364
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        62⤵
        Executes dropped EXE
        
        PID:336
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        63⤵
        Executes dropped EXE
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        64⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1588
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        65⤵
        Executes dropped EXE
        
        PID:1776
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        66⤵
        
        PID:1028
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        67⤵
        
        PID:1736
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        68⤵
        System Location Discovery: System Language Discovery
        
        PID:1904
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        69⤵
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        70⤵
        
        PID:2496
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        71⤵
        System Location Discovery: System Language Discovery
        
        PID:2296
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        72⤵
        
        PID:2928
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        73⤵
        
        PID:2952
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        74⤵
        System Location Discovery: System Language Discovery
        
        PID:2848
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        75⤵
        
        PID:2824
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        76⤵
        System Location Discovery: System Language Discovery
        
        PID:3044
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        77⤵
        
        PID:2852
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        78⤵
        
        PID:2748
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        79⤵
        
        PID:1812
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        80⤵
        
        PID:2744
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        81⤵
        
        PID:1948
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        82⤵
        
        PID:2756
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        83⤵
        
        PID:2736
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        84⤵
        
        PID:2500
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        85⤵
        System Location Discovery: System Language Discovery
        
        PID:844
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        86⤵
        System Location Discovery: System Language Discovery
        
        PID:3056
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        87⤵
        
        PID:816
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        88⤵
        
        PID:2900
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        89⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        90⤵
        System Location Discovery: System Language Discovery
        
        PID:1056
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        91⤵
        System Location Discovery: System Language Discovery
        
        PID:2360
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        92⤵
        
        PID:1296
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        93⤵
        
        PID:1292
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        94⤵
        
        PID:324
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        95⤵
        
        PID:2556
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        96⤵
        
        PID:1660
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        97⤵
        
        PID:1264
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        98⤵
        
        PID:2508
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        99⤵
        
        PID:2088
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        100⤵
        
        PID:2084
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        101⤵
        System Location Discovery: System Language Discovery
        
        PID:2156
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        102⤵
        
        PID:2788
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        103⤵
        System Location Discovery: System Language Discovery
        
        PID:908
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        104⤵
        
        PID:1104
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        105⤵
        
        PID:1872
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        106⤵
        
        PID:1608
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        107⤵
        
        PID:1516
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        108⤵
        
        PID:1336
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        109⤵
        System Location Discovery: System Language Discovery
        
        PID:848
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        110⤵
        
        PID:1536
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        111⤵
        System Location Discovery: System Language Discovery
        
        PID:1768
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        112⤵
        System Location Discovery: System Language Discovery
        
        PID:772
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        113⤵
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        114⤵
        
        PID:2640
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        115⤵
        
        PID:1716
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        116⤵
        
        PID:1752
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        117⤵
        System Location Discovery: System Language Discovery
        
        PID:1504
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        118⤵
        System Location Discovery: System Language Discovery
        
        PID:2480
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        119⤵
        
        PID:2600
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        120⤵
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        121⤵
        
        PID:1616
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        122⤵
        
        PID:2988
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        123⤵
        
        PID:2964
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        124⤵
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        125⤵
        
        PID:2892
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        126⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        127⤵
        
        PID:2704
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        128⤵
        System Location Discovery: System Language Discovery
        
        PID:2972
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        129⤵
        
        PID:1288
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        130⤵
        System Location Discovery: System Language Discovery
        
        PID:3048
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        131⤵
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        132⤵
        
        PID:868
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        133⤵
        
        PID:2916
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        134⤵
        
        PID:768
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        135⤵
        
        PID:1928
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        136⤵
        
        PID:1952
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        137⤵
        System Location Discovery: System Language Discovery
        
        PID:2108
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        138⤵
        
        PID:2572
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        139⤵
        
        PID:2376
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        140⤵
        System Location Discovery: System Language Discovery
        
        PID:2996
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        141⤵
        System Location Discovery: System Language Discovery
        
        PID:328
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        142⤵
        
        PID:2488
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        143⤵
        
        PID:2620
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        144⤵
        
        PID:2340
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        145⤵
        
        PID:936
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        146⤵
        
        PID:2648
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        147⤵
        
        PID:960
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        148⤵
        
        PID:1576
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        149⤵
        
        PID:496
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        150⤵
        System Location Discovery: System Language Discovery
        
        PID:1572
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        151⤵
        
        PID:2236
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        152⤵
        
        PID:288
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        153⤵
        
        PID:1500
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        154⤵
        
        PID:1700
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        155⤵
        
        PID:1796
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        156⤵
        
        PID:2800
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        157⤵
        
        PID:2256
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        158⤵
        
        PID:576
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        159⤵
        System Location Discovery: System Language Discovery
        
        PID:2828
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        160⤵
        
        PID:2004
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        161⤵
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        162⤵
        
        PID:1820
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        163⤵
        
        PID:696
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        164⤵
        
        PID:1564
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        165⤵
        
        PID:1140
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        166⤵
        
        PID:304
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        167⤵
        
        PID:940
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        168⤵
        System Location Discovery: System Language Discovery
        
        PID:2576
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        169⤵
        System Location Discovery: System Language Discovery
        
        PID:2664
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        170⤵
        
        PID:1636
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        171⤵
        System Location Discovery: System Language Discovery
        
        PID:2176
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        172⤵
        
        PID:2404
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        173⤵
        
        PID:876
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        174⤵
        System Location Discovery: System Language Discovery
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        175⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        176⤵
        
        PID:2860
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        177⤵
        
        PID:3016
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        178⤵
        
        PID:1604
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        179⤵
        
        PID:1960
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        180⤵
        
        PID:1348
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        181⤵
        
        PID:1000
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        182⤵
        
        PID:2324
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        183⤵
        System Location Discovery: System Language Discovery
        
        PID:2448
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        184⤵
        System Location Discovery: System Language Discovery
        
        PID:2784
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        185⤵
        System Location Discovery: System Language Discovery
        
        PID:2688
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        186⤵
        System Location Discovery: System Language Discovery
        
        PID:692
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        187⤵
        System Location Discovery: System Language Discovery
        
        PID:2408
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        188⤵
        
        PID:2348
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        189⤵
        
        PID:2456
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        190⤵
        System Location Discovery: System Language Discovery
        
        PID:2608
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        191⤵
        
        PID:1848
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        192⤵
        
        PID:2696
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        193⤵
        
        PID:1656
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        194⤵
        
        PID:2220
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        195⤵
        
        PID:1548
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        196⤵
        
        PID:2420
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        197⤵
        
        PID:1092
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        198⤵
        System Location Discovery: System Language Discovery
        
        PID:3076
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        199⤵
        
        PID:3092
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        200⤵
        
        PID:3112
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        201⤵
        
        PID:3128
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        202⤵
        
        PID:3148
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        203⤵
        
        PID:3164
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        204⤵
        System Location Discovery: System Language Discovery
        
        PID:3184
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        205⤵
        
        PID:3200
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        206⤵
        
        PID:3220
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        207⤵
        
        PID:3236
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        208⤵
        System Location Discovery: System Language Discovery
        
        PID:3256
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        209⤵
        
        PID:3272
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        210⤵
        System Location Discovery: System Language Discovery
        
        PID:3292
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        211⤵
        
        PID:3308
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        212⤵
        System Location Discovery: System Language Discovery
        
        PID:3328
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        213⤵
        System Location Discovery: System Language Discovery
        
        PID:3344
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        214⤵
        
        PID:3364
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        215⤵
        
        PID:3380
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        216⤵
        System Location Discovery: System Language Discovery
        
        PID:3400
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        217⤵
        
        PID:3416
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        218⤵
        System Location Discovery: System Language Discovery
        
        PID:3436
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        219⤵
        
        PID:3452
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        220⤵
        
        PID:3472
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        221⤵
        
        PID:3488
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        222⤵
        System Location Discovery: System Language Discovery
        
        PID:3508
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        223⤵
        
        PID:3524
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        224⤵
        
        PID:3548
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        225⤵
        
        PID:3564
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        226⤵
        
        PID:3580
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        227⤵
        
        PID:3600
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        228⤵
        
        PID:3616
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        229⤵
        
        PID:3636
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        230⤵
        
        PID:3652
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        231⤵
        System Location Discovery: System Language Discovery
        
        PID:3672
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        232⤵
        
        PID:3688
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        233⤵
        
        PID:3708
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        234⤵
        System Location Discovery: System Language Discovery
        
        PID:3724
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        235⤵
        
        PID:3744
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        236⤵
        
        PID:3760
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        237⤵
        System Location Discovery: System Language Discovery
        
        PID:3780
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        238⤵
        
        PID:3796
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        239⤵
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        240⤵
        
        PID:3832
        
        C:\Users\Admin\AppData\Local\iodite\Sheitan.exe
        
        "C:\Users\Admin\AppData\Local\iodite\Sheitan.exe"
        241⤵
        
        PID:3852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\lophophorine

Filesize
481KB

MD5
7bda5fe94b0cdbf12143326ad566036c

SHA1
cd36bc46fb1a4d6572accabf7f2071ff0dcd8614

SHA256
492f9e19497f8579671f5d1d374c5bfbb8efebcecab6ca7cf83c63bb6ee803a0

SHA512
87bb93c34b223c9d0f72ab0a491ab818121bf7f18cfd51b2bd646227bce647c32566671d56505d844ef6af4697e9c0cefe0a053669513c8c1b8f32954f7f31b5

Download Submit
\Users\Admin\AppData\Local\iodite\Sheitan.exe

Filesize
1.8MB

MD5
051050fd522fd5c484d66cd783b5add4

SHA1
9420ab564a73c740bad5e30842ca61c213242230

SHA256
aa9743c31bf710bcabc63c6ad8f5a807ab12316eedd73feed1d043b39c7a7346

SHA512
0cf52d31f81ebee83e0a0098714c5ee659b34ea81e20a78896d596662aa49c84ffaf057e10a8015530206ed10b287b3bb3add4613af9141c1557ee8df3ec58a1

Download Submit
memory/1416-12-0x0000000000730000-0x0000000000B30000-memory.dmp

Filesize
4.0MB

Download
memory/2040-2-0x0000000000850000-0x0000000000C50000-memory.dmp

Filesize
4.0MB

Download
memory/2096-18-0x00000000007E0000-0x0000000000BE0000-memory.dmp

Filesize
4.0MB

Download