Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

68a4619be1...4b.exe

windows7-x64

10

68a4619be1...4b.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    84s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    19/01/2024, 21:07

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    68a4619be1f3efcc95a4fac79b12544b.exe

  • Size

    638KB

  • MD5

    68a4619be1f3efcc95a4fac79b12544b

  • SHA1

    305a32c6ac58a4daec2edd4f91c7dea9f9fccd41

  • SHA256

    acd10a5e1a34f66e757669ebc7c4edf73d8a8adf6df73f7618edcc564a3c894c

  • SHA512

    74d8b1153201c3a9b80270145350cbb90fa8143c203c36bcb480270479298b885811a94c05a333e0d638d6a926e3457e8260c9e6ff9eac3e21e00226eee7922b

  • SSDEEP

    12288:BHnHA3xl3nNTR/nsy53/zGMJtvlZA/vE/x2q+luR:BHHin9R/s+37BVIl8

Score
10/10
xtremeratpersistenceratspywareupx

Malware Config

Extracted

Family

xtremerat

C2

majaaz.zapto.org

şᕸ왐majaaz.zapto.org

joeblack.zapto.org

şᕸ왐joeblack.zapto.org

Signatures

  • Detect XtremeRAT payload 11 IoCs
  • Modifies WinLogon for persistence 2 TTPs 52 IoCs
    persistence
  • XtremeRAT

    The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.

    persistencespywareratxtremerat
  • Adds policy Run key to start application 2 TTPs 64 IoCs
    persistence
  • Modifies Installed Components in the registry 2 TTPs 52 IoCs
    persistence
  • Deletes itself 1 IoCs
  • Executes dropped EXE 54 IoCs
  • Loads dropped DLL 30 IoCs
  • UPX packed file 15 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 52 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Suspicious use of SetThreadContext 28 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\68a4619be1f3efcc95a4fac79b12544b.exe
    "C:\Users\Admin\AppData\Local\Temp\68a4619be1f3efcc95a4fac79b12544b.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:1944
    • C:\Users\Admin\AppData\Local\Temp\68a4619be1f3efcc95a4fac79b12544b.exe
      C:\Users\Admin\AppData\Local\Temp\68a4619be1f3efcc95a4fac79b12544b.exe
      2⤵
      • Modifies WinLogon for persistence
      • Adds policy Run key to start application
      • Modifies Installed Components in the registry
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in System32 directory
      • Suspicious use of WriteProcessMemory
      PID:2340
      • C:\Windows\SysWOW64\svchost.exe
        svchost.exe
        3⤵
        • Modifies WinLogon for persistence
        • Adds policy Run key to start application
        • Modifies Installed Components in the registry
        • Loads dropped DLL
        • Adds Run key to start application
        PID:2756
        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
          "C:\Windows\system32\InstallDir\Svhost.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          PID:2788
          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
            C:\Windows\SysWOW64\InstallDir\Svhost.exe
            5⤵
            • Modifies WinLogon for persistence
            • Adds policy Run key to start application
            • Modifies Installed Components in the registry
            • Executes dropped EXE
            • Adds Run key to start application
            • Drops file in System32 directory
            PID:1572
            • C:\Program Files\Internet Explorer\iexplore.exe
              "C:\Program Files\Internet Explorer\iexplore.exe"
              6⤵
                PID:2416
              • C:\Program Files\Internet Explorer\iexplore.exe
                "C:\Program Files\Internet Explorer\iexplore.exe"
                6⤵
                  PID:2428
                • C:\Program Files\Internet Explorer\iexplore.exe
                  "C:\Program Files\Internet Explorer\iexplore.exe"
                  6⤵
                    PID:2020
                  • C:\Program Files\Internet Explorer\iexplore.exe
                    "C:\Program Files\Internet Explorer\iexplore.exe"
                    6⤵
                      PID:3056
                    • C:\Program Files\Internet Explorer\iexplore.exe
                      "C:\Program Files\Internet Explorer\iexplore.exe"
                      6⤵
                        PID:1952
                      • C:\Program Files\Internet Explorer\iexplore.exe
                        "C:\Program Files\Internet Explorer\iexplore.exe"
                        6⤵
                          PID:2632
                        • C:\Program Files\Internet Explorer\iexplore.exe
                          "C:\Program Files\Internet Explorer\iexplore.exe"
                          6⤵
                            PID:2192
                          • C:\Program Files\Internet Explorer\iexplore.exe
                            "C:\Program Files\Internet Explorer\iexplore.exe"
                            6⤵
                              PID:1228
                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                              "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                              6⤵
                              • Executes dropped EXE
                              • Suspicious use of SetThreadContext
                              PID:960
                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                7⤵
                                • Modifies WinLogon for persistence
                                • Adds policy Run key to start application
                                • Modifies Installed Components in the registry
                                • Executes dropped EXE
                                • Adds Run key to start application
                                • Drops file in System32 directory
                                PID:2476
                                • C:\Program Files\Internet Explorer\iexplore.exe
                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                  8⤵
                                    PID:404
                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                    8⤵
                                      PID:1712
                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                      8⤵
                                        PID:968
                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                        8⤵
                                          PID:636
                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                          8⤵
                                            PID:1660
                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                            8⤵
                                              PID:2892
                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                              8⤵
                                                PID:2064
                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                8⤵
                                                  PID:2912
                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                  8⤵
                                                  • Executes dropped EXE
                                                  • Suspicious use of SetThreadContext
                                                  PID:1880
                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                    C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                    9⤵
                                                    • Modifies WinLogon for persistence
                                                    • Adds policy Run key to start application
                                                    • Modifies Installed Components in the registry
                                                    • Executes dropped EXE
                                                    • Adds Run key to start application
                                                    • Drops file in System32 directory
                                                    PID:2896
                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                      10⤵
                                                        PID:1948
                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                        10⤵
                                                          PID:2148
                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                          10⤵
                                                            PID:2660
                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                            10⤵
                                                              PID:2576
                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                              10⤵
                                                                PID:2644
                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                10⤵
                                                                  PID:2596
                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                  10⤵
                                                                    PID:1460
                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                    10⤵
                                                                      PID:2436
                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                      "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                      10⤵
                                                                      • Executes dropped EXE
                                                                      • Suspicious use of SetThreadContext
                                                                      PID:1468
                                                                      • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                        C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                        11⤵
                                                                        • Modifies WinLogon for persistence
                                                                        • Adds policy Run key to start application
                                                                        • Modifies Installed Components in the registry
                                                                        • Executes dropped EXE
                                                                        • Adds Run key to start application
                                                                        • Drops file in System32 directory
                                                                        PID:1556
                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                          12⤵
                                                                            PID:1512
                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                            12⤵
                                                                              PID:1424
                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                              12⤵
                                                                                PID:1044
                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                12⤵
                                                                                  PID:960
                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                  12⤵
                                                                                    PID:1612
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                    12⤵
                                                                                      PID:964
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      12⤵
                                                                                        PID:112
                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                        12⤵
                                                                                          PID:916
                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                          "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                          12⤵
                                                                                          • Executes dropped EXE
                                                                                          • Suspicious use of SetThreadContext
                                                                                          PID:2920
                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                            13⤵
                                                                                            • Executes dropped EXE
                                                                                            PID:2680
                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                          4⤵
                                                                          • Executes dropped EXE
                                                                          • Suspicious use of SetThreadContext
                                                                          PID:1920
                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                            5⤵
                                                                            • Modifies WinLogon for persistence
                                                                            • Adds policy Run key to start application
                                                                            • Modifies Installed Components in the registry
                                                                            • Executes dropped EXE
                                                                            • Adds Run key to start application
                                                                            • Drops file in System32 directory
                                                                            PID:2408
                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                              6⤵
                                                                                PID:1792
                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                6⤵
                                                                                  PID:1120
                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                  6⤵
                                                                                    PID:2996
                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                    6⤵
                                                                                      PID:1624
                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                  "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                  4⤵
                                                                                  • Executes dropped EXE
                                                                                  • Suspicious use of SetThreadContext
                                                                                  PID:1724
                                                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                    C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                    5⤵
                                                                                    • Modifies WinLogon for persistence
                                                                                    • Modifies Installed Components in the registry
                                                                                    • Executes dropped EXE
                                                                                    • Adds Run key to start application
                                                                                    • Drops file in System32 directory
                                                                                    PID:2736
                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                      6⤵
                                                                                        PID:2780
                                                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                    "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                    4⤵
                                                                                    • Executes dropped EXE
                                                                                    • Suspicious use of SetThreadContext
                                                                                    PID:2604
                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                      5⤵
                                                                                      • Modifies WinLogon for persistence
                                                                                      • Adds policy Run key to start application
                                                                                      • Modifies Installed Components in the registry
                                                                                      • Executes dropped EXE
                                                                                      • Adds Run key to start application
                                                                                      • Drops file in System32 directory
                                                                                      PID:860
                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                        6⤵
                                                                                          PID:2456
                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                          6⤵
                                                                                            PID:1604
                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                            6⤵
                                                                                              PID:1916
                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                              6⤵
                                                                                                PID:284
                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                6⤵
                                                                                                  PID:1452
                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                  6⤵
                                                                                                    PID:540
                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                    6⤵
                                                                                                      PID:280
                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                      6⤵
                                                                                                        PID:2888
                                                                                                      • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                        "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                        6⤵
                                                                                                        • Executes dropped EXE
                                                                                                        • Suspicious use of SetThreadContext
                                                                                                        PID:2132
                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                          C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                          7⤵
                                                                                                          • Executes dropped EXE
                                                                                                          PID:2284
                                                                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                    "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                    4⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    PID:2012
                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                      5⤵
                                                                                                      • Executes dropped EXE
                                                                                                      PID:2084
                                                                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                    "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                    4⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Suspicious use of SetThreadContext
                                                                                                    PID:1688
                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                      5⤵
                                                                                                      • Modifies WinLogon for persistence
                                                                                                      • Adds policy Run key to start application
                                                                                                      • Modifies Installed Components in the registry
                                                                                                      • Executes dropped EXE
                                                                                                      • Adds Run key to start application
                                                                                                      • Drops file in System32 directory
                                                                                                      PID:2216
                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                        6⤵
                                                                                                          PID:892
                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                          6⤵
                                                                                                            PID:2928
                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                            6⤵
                                                                                                              PID:2032
                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                              6⤵
                                                                                                                PID:1696
                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                6⤵
                                                                                                                  PID:1592
                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                  6⤵
                                                                                                                    PID:2104
                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                    6⤵
                                                                                                                      PID:800
                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                      6⤵
                                                                                                                        PID:696
                                                                                                                      • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                        "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                        6⤵
                                                                                                                        • Executes dropped EXE
                                                                                                                        • Suspicious use of SetThreadContext
                                                                                                                        PID:324
                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                          C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                          7⤵
                                                                                                                          • Modifies WinLogon for persistence
                                                                                                                          • Adds policy Run key to start application
                                                                                                                          • Modifies Installed Components in the registry
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Adds Run key to start application
                                                                                                                          • Drops file in System32 directory
                                                                                                                          PID:2204
                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                            8⤵
                                                                                                                              PID:2424
                                                                                                                            • C:\Windows\SysWOW64\explorer.exe
                                                                                                                              explorer.exe
                                                                                                                              8⤵
                                                                                                                              • Drops file in System32 directory
                                                                                                                              PID:1976
                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                              8⤵
                                                                                                                                PID:2724
                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                8⤵
                                                                                                                                  PID:2700
                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                          4⤵
                                                                                                                          • Executes dropped EXE
                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                          PID:1684
                                                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                            5⤵
                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                            • Adds policy Run key to start application
                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                            • Executes dropped EXE
                                                                                                                            • Adds Run key to start application
                                                                                                                            • Drops file in System32 directory
                                                                                                                            PID:864
                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                              6⤵
                                                                                                                                PID:2492
                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                6⤵
                                                                                                                                  PID:2000
                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                  6⤵
                                                                                                                                    PID:2320
                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                    6⤵
                                                                                                                                      PID:2352
                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                      6⤵
                                                                                                                                        PID:2040
                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                        6⤵
                                                                                                                                          PID:2120
                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                          6⤵
                                                                                                                                            PID:1804
                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                            6⤵
                                                                                                                                              PID:2812
                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                              "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                              6⤵
                                                                                                                                              • Executes dropped EXE
                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                              PID:2900
                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                7⤵
                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                • Adds policy Run key to start application
                                                                                                                                                • Modifies Installed Components in the registry
                                                                                                                                                • Executes dropped EXE
                                                                                                                                                • Loads dropped DLL
                                                                                                                                                • Adds Run key to start application
                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                PID:2604
                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                  8⤵
                                                                                                                                                    PID:2680
                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                    explorer.exe
                                                                                                                                                    8⤵
                                                                                                                                                      PID:3068
                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                      8⤵
                                                                                                                                                        PID:828
                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                        8⤵
                                                                                                                                                          PID:2004
                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                          8⤵
                                                                                                                                                            PID:1684
                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                            8⤵
                                                                                                                                                              PID:2096
                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                              8⤵
                                                                                                                                                                PID:2176
                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                8⤵
                                                                                                                                                                  PID:2340
                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                  8⤵
                                                                                                                                                                    PID:3008
                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                    8⤵
                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                    • Suspicious use of SetThreadContext
                                                                                                                                                                    PID:2964
                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                      C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                      9⤵
                                                                                                                                                                      • Modifies WinLogon for persistence
                                                                                                                                                                      • Adds policy Run key to start application
                                                                                                                                                                      • Modifies Installed Components in the registry
                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                      • Adds Run key to start application
                                                                                                                                                                      • Drops file in System32 directory
                                                                                                                                                                      PID:3020
                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                        10⤵
                                                                                                                                                                          PID:2532
                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          10⤵
                                                                                                                                                                            PID:3016
                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                            10⤵
                                                                                                                                                                              PID:2324
                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                              10⤵
                                                                                                                                                                                PID:2452
                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                10⤵
                                                                                                                                                                                  PID:2920
                                                                                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 196
                                                                                                                                                                                  10⤵
                                                                                                                                                                                  • Program crash
                                                                                                                                                                                  PID:3364
                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                      "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                      4⤵
                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                      PID:2936
                                                                                                                                                                      • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                        C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                        5⤵
                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                        • Adds policy Run key to start application
                                                                                                                                                                        • Modifies Installed Components in the registry
                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                        PID:568
                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                          6⤵
                                                                                                                                                                            PID:2944
                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                            explorer.exe
                                                                                                                                                                            6⤵
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            PID:3036
                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                            6⤵
                                                                                                                                                                              PID:2448
                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                          4⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                          PID:1580
                                                                                                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                            5⤵
                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                            • Adds policy Run key to start application
                                                                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                            PID:1784
                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                              6⤵
                                                                                                                                                                                PID:2868
                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                6⤵
                                                                                                                                                                                  PID:2472
                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                  6⤵
                                                                                                                                                                                    PID:388
                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                    6⤵
                                                                                                                                                                                      PID:328
                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                      6⤵
                                                                                                                                                                                        PID:1688
                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                        6⤵
                                                                                                                                                                                          PID:2684
                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                          6⤵
                                                                                                                                                                                            PID:1380
                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                            6⤵
                                                                                                                                                                                              PID:1488
                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                              "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                              6⤵
                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                              PID:2060
                                                                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                7⤵
                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                • Adds policy Run key to start application
                                                                                                                                                                                                • Modifies Installed Components in the registry
                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                PID:2012
                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                  8⤵
                                                                                                                                                                                                    PID:2384
                                                                                                                                                                                                  • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                    explorer.exe
                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                    PID:2712
                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                      PID:2348
                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                              "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                              4⤵
                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                              PID:1708
                                                                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                5⤵
                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                • Adds policy Run key to start application
                                                                                                                                                                                                • Modifies Installed Components in the registry
                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                PID:2284
                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                    PID:2292
                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                      PID:2068
                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                        PID:2960
                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                          PID:2216
                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                            PID:3044
                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                              PID:2672
                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                          PID:1016
                                                                                                                                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                            • Adds policy Run key to start application
                                                                                                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                            PID:2244
                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                PID:1092
                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                PID:2980
                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                  PID:1540
                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                    PID:1784
                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                      PID:2604
                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                        PID:1556
                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                          PID:804
                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                            PID:1552
                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                              PID:3060
                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                PID:2524
                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                  C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                    PID:2204
                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                        PID:1724
                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                          PID:704
                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                          8⤵
                                                                                                                                                                                                                                            PID:1468
                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                            8⤵
                                                                                                                                                                                                                                              PID:2172
                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                PID:1100
                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                  PID:664
                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                  8⤵
                                                                                                                                                                                                                                                    PID:2732
                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                      PID:1544
                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                        PID:2524
                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                          9⤵
                                                                                                                                                                                                                                                            PID:3216
                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                PID:3320
                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                  PID:3344
                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                    PID:3392
                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                      PID:3428
                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                        PID:3460
                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                          PID:3528
                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                            PID:3588
                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                PID:2764
                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                  • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                  • Adds policy Run key to start application
                                                                                                                                                                                                                                                                  • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                  • Adds Run key to start application
                                                                                                                                                                                                                                                                  • Drops file in System32 directory
                                                                                                                                                                                                                                                                  PID:1852
                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                      PID:908
                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                      explorer.exe
                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                        PID:1904
                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                          PID:2016
                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                            PID:1740
                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                              PID:2964
                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                PID:2060
                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                  PID:2768
                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                    PID:324
                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                      PID:2164
                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                        PID:448
                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                          C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                            PID:2948
                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                      "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                        PID:2664
                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                            PID:1708
                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                PID:1580
                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                  PID:2244
                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                    PID:2664
                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                      PID:1856
                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                        PID:2284
                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                          PID:2160
                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                            PID:2232
                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                              PID:3076
                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                PID:3088
                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                  C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                    PID:3384
                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                                                                                        PID:3508
                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                                                                                                          PID:3556
                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                          8⤵
                                                                                                                                                                                                                                                                                                                            PID:3624
                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                            8⤵
                                                                                                                                                                                                                                                                                                                              PID:3684
                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                                                                                                PID:3736
                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                                                                                                  PID:3796
                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                            PID:768
                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                PID:3096
                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                    PID:3180
                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                      PID:3200
                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                        PID:3208
                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                          PID:3232
                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                            PID:3272
                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                              PID:3300
                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                PID:3328
                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                  PID:3352
                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                    PID:3372
                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                                                                        PID:3572
                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                          8⤵
                                                                                                                                                                                                                                                                                                                                                            PID:3716
                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                            8⤵
                                                                                                                                                                                                                                                                                                                                                              PID:3764
                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                              8⤵
                                                                                                                                                                                                                                                                                                                                                                PID:3828
                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                8⤵
                                                                                                                                                                                                                                                                                                                                                                  PID:3868
                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                  8⤵
                                                                                                                                                                                                                                                                                                                                                                    PID:3900
                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                                                      PID:3932
                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                      8⤵
                                                                                                                                                                                                                                                                                                                                                                        PID:3968
                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                        8⤵
                                                                                                                                                                                                                                                                                                                                                                          PID:4012
                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                          8⤵
                                                                                                                                                                                                                                                                                                                                                                            PID:4028
                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                              9⤵
                                                                                                                                                                                                                                                                                                                                                                                PID:3168
                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                    PID:3552
                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                    10⤵
                                                                                                                                                                                                                                                                                                                                                                                      PID:3604
                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                      10⤵
                                                                                                                                                                                                                                                                                                                                                                                        PID:3220
                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                          PID:3660
                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                          10⤵
                                                                                                                                                                                                                                                                                                                                                                                            PID:3676
                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                            10⤵
                                                                                                                                                                                                                                                                                                                                                                                              PID:3776
                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                              10⤵
                                                                                                                                                                                                                                                                                                                                                                                                PID:3388
                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                10⤵
                                                                                                                                                                                                                                                                                                                                                                                                  PID:936
                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                  10⤵
                                                                                                                                                                                                                                                                                                                                                                                                    PID:3472
                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                      11⤵
                                                                                                                                                                                                                                                                                                                                                                                                        PID:3608
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          12⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:3424
                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                            12⤵
                                                                                                                                                                                                                                                                                                                                                                                                              PID:3264
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                              12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:3096
                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3744
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3772
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                    12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2496
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                      12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3124
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                        12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3416
                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                            PID:3160
                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                PID:3472
                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3652
                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3696
                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3756
                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3820
                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3860
                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3892
                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3924
                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3960
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3980
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3188
                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3364
                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3728
                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3852
                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3884
                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3908
                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3952
                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:4000
                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4036
                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:4052
                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4060
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4072
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3160
                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3988
                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4088
                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3156
                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3244
                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3256
                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1852
                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3408
                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Program crash
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3544
                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3120
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:4068
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3104
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3148
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3288
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3744
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3128
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1924
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3980
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3456
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3500
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:3308
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3132
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3140
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:4076
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3092
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3996
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4084
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3804
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\SysWOW64\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3712
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:4020
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3112
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2280
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3540
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:3816
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:4044
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3792
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:3976
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:3940
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:3284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:3488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:4008
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:3984
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2260
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Deletes itself
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2536
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2648
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1628
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2844
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2556
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2988
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2668
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Windows\system32\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          3⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of WriteProcessMemory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2492
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1520
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Windows\SysWOW64\explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                explorer.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2412
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1384
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:552
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:300
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1252
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1644
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2420
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1596
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              5⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1504
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                6⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2424
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2376
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:2568
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2512
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1224
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2468
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1168
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1796
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2488
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  7⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:808
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    8⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1284
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:1692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:944
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:776
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1864
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:1480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:1264
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1216
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1444
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      9⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:904
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        10⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2400
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2800
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2992
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:2328
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2956
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1656
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:108
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1584
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          11⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2768
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            12⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:692
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2480
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  PID:3012
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:1884
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1316
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2196
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:2116
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            PID:2476
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:2904
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              "C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              13⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • Suspicious use of SetThreadContext
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              PID:1016
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                14⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies WinLogon for persistence
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds policy Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Modifies Installed Components in the registry
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Executes dropped EXE
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Adds Run key to start application
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • Drops file in System32 directory
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                PID:2340
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  15⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    PID:2100
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    15⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      PID:1608
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      15⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        PID:2916
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      • C:\Program Files\Internet Explorer\iexplore.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        "C:\Program Files\Internet Explorer\iexplore.exe"
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        15⤵
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          PID:1756

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Network

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            MITRE ATT&CK Enterprise v15

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Replay Monitor

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Loading Replay Monitor...

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            Downloads

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              576KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              e4aba557d8654a6a2dd7eeb0c99bbb44

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4465668e32efe4d5b6fb0d694871c75d572da9ad

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ee06608ac1137e6114594a511feeff54554e0dec8eef7472ef17c0a5409a9d55

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              fceccd4622bdcd6e62e42aaf1813435068112722ba9f133ac2c96dc5164075d73adce7ea9b6e54efcd868dc7abef0186689dd99702fbe4c41df5ba91b64850c9

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              2d406af19d5440406488622b736a4f5a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              c7b2dee5c14298cc1bc412fc0ac79ff8ab95d8cb

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              9cdd2dce1dc379cb781f3e10b50500250dc2c2f57bd292beb1a2c5d7bbdc6a1b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              1e462ba1dd6121b47e3e23409edfd35b03620e6db3e2cdb1893b3595900566846b8bd0a5091eb5e6b57b60cb16d95981ff9f20bfc684ed8a20b438ee4c6fad4d

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              64KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              ef1da37a1488a2dd0205a87b6e81822e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              a5a161db43c5e06f836fd8be2776e5c0a70e9848

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              558375823cc8f1e9b9065b53bedf44c96ad60ce64aa0de946f8ce6548a8364ef

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              435488d21a95c9a434d578c4d808cd99806eca8f93161960557c4f012accfae38fed80b0fb8dd0b1727a5c30b3689e75367796b4a0c42532a216bb380d002cd1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • C:\Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              638KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              68a4619be1f3efcc95a4fac79b12544b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              305a32c6ac58a4daec2edd4f91c7dea9f9fccd41

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              acd10a5e1a34f66e757669ebc7c4edf73d8a8adf6df73f7618edcc564a3c894c

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              74d8b1153201c3a9b80270145350cbb90fa8143c203c36bcb480270479298b885811a94c05a333e0d638d6a926e3457e8260c9e6ff9eac3e21e00226eee7922b

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • \Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              320KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              0a1bfaba8f8c4b45ce90f4df8938cc2f

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8a1f92bdddb04d2e565c057178095917a1f1806e

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              c81478c697df8a6bfad72f6f168c9702507e473c2d4effbd32b0e8301ec965db

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4c29cedc4f8503a97a430e894df5fff94f9106eb197fb3b1668c29d13d592e78c99bddb4d199a0428e78c596a5ef25fcbe04c36514c337411d6553d0d0569f47

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • \Windows\SysWOW64\InstallDir\Svhost.exe
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              128KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              MD5

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              11a8764f91d7d77eb5702e9fb2ec3c8a

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA1

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              6491f4d25fa60e6acc0ec2a205909e37e0a05c48

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA256

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              8b51369b246c9965745ed5e8421b5d9c11171ef5171e3e7a685ef55e26d8a374

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              SHA512

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              cf3963886455ec4b4b904932523e2c0814eba6d6c17e32165c76b4925579561e6730c7e6fe52de0ee5fd54612c271a685af8fa7162930608af010942e10bae66

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download Submit

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/324-372-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/768-599-0x0000000000260000-0x0000000000261000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/808-123-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/904-164-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/960-120-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1016-309-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1016-497-0x0000000000480000-0x0000000000481000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1468-232-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1504-67-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1504-94-0x0000000010000000-0x0000000010097000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              604KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1580-443-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1684-354-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1688-287-0x00000000001C0000-0x00000000001C1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1708-480-0x0000000000310000-0x0000000000311000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1724-162-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1880-158-0x0000000000480000-0x0000000000481000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1904-567-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1920-104-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1944-0-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1944-10-0x0000000010000000-0x0000000010097000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              604KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/1976-396-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2012-250-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2060-496-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2132-271-0x0000000000530000-0x0000000000531000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-11-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-7-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-6-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-12-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-13-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-4-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-2-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2340-1-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2412-53-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2604-214-0x00000000002B0000-0x00000000002B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2644-42-0x0000000010000000-0x0000000010097000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              604KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2644-30-0x0000000000320000-0x0000000000321000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2664-568-0x0000000000540000-0x0000000000541000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2712-520-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2756-22-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2764-544-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2768-234-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2788-78-0x0000000010000000-0x0000000010097000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              604KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2788-57-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2800-26-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2920-289-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2936-373-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2964-449-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/2980-543-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3036-419-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3068-442-0x0000000000C80000-0x0000000000CA8000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              160KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3120-715-0x00000000002A0000-0x00000000002A1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3160-621-0x0000000000300000-0x0000000000301000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3308-806-0x0000000000230000-0x0000000000231000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3340-736-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3364-637-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3472-787-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3488-805-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3504-746-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3712-837-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3804-771-0x0000000000220000-0x0000000000221000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3980-699-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/3988-698-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/4028-700-0x0000000000330000-0x0000000000331000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            • memory/4072-701-0x00000000001B0000-0x00000000001B1000-memory.dmp

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Filesize

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              4KB

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              Download