xtremerat | ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa

Analysis

max time kernel
22s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/01/2024, 11:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

773da871b8296896ffccb40b5c9bd6fc.exe
Size

196KB
MD5

773da871b8296896ffccb40b5c9bd6fc
SHA1

0060f821272f2d8baa30a91e13dabc4bf72d3289
SHA256

ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa
SHA512

7f8f2d51b0ac63b1d63110996499ddc8df0b3600033822b70e52599525c74e5bc9815de9035c1d990a9764f1a1e9e880f014ce6ae7a32e94a26cec080242e20c
SSDEEP

3072:X/oqgU0ATDs5uHBRI04GIrA+adNbZzXF8v:XwqgU0AsUoPGljXRI

Score

10^/10

xtremerat bootkit persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 37 IoCs

resource	yara_rule
behavioral1/memory/604-19-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-20-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-21-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-22-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-23-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-26-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-27-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-28-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-31-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2720-39-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/604-44-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2024-86-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/328-124-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2024-131-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/328-161-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2960-191-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1920-216-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1740-251-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2960-267-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1920-285-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2564-302-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1740-319-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1148-377-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2564-370-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1672-422-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1148-441-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/796-468-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1928-479-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1672-502-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1928-503-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/796-515-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1908-583-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2448-634-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1908-642-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/1556-721-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2788-702-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat
behavioral1/memory/2448-746-0x0000000000C80000-0x0000000000C92000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Modifies Installed Components in the registry 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	773da871b8296896ffccb40b5c9bd6fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	773da871b8296896ffccb40b5c9bd6fc.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}	hub.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{76055I7P-10JC-TL3A-WQ11-87M7504C1617}\StubPath = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe restart"	hub.exe

Executes dropped EXE 4 IoCs

pid	Process
2780	hub.exe
2584	hub.exe
2700	hub.exe
2024	hub.exe

Loads dropped DLL 6 IoCs

pid	Process
604	773da871b8296896ffccb40b5c9bd6fc.exe
604	773da871b8296896ffccb40b5c9bd6fc.exe
2720	svchost.exe
2720	svchost.exe
2780	hub.exe
2700	hub.exe

Adds Run key to start application 2 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	773da871b8296896ffccb40b5c9bd6fc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\HKLM = "C:\\Users\\Admin\\AppData\\Local\\Temp\\InstallDir\\hub.exe"	hub.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	773da871b8296896ffccb40b5c9bd6fc.exe
File opened for modification	\??\PhysicalDrive0	hub.exe

Suspicious use of SetThreadContext 4 IoCs

description	pid	Process	procid_target
PID 2976 set thread context of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 3040 set thread context of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 2780 set thread context of 2700	2780	hub.exe	41
PID 2700 set thread context of 2024	2700	hub.exe	42

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2976	773da871b8296896ffccb40b5c9bd6fc.exe
3040	773da871b8296896ffccb40b5c9bd6fc.exe
2780	hub.exe
2584	hub.exe
2700	hub.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 2976 wrote to memory of 3040	2976	773da871b8296896ffccb40b5c9bd6fc.exe	28
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 3040 wrote to memory of 604	3040	773da871b8296896ffccb40b5c9bd6fc.exe	29
PID 604 wrote to memory of 2720	604	773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 604 wrote to memory of 2720	604	773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 604 wrote to memory of 2720	604	773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 604 wrote to memory of 2720	604	773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 604 wrote to memory of 2720	604	773da871b8296896ffccb40b5c9bd6fc.exe	30
PID 604 wrote to memory of 2856	604	773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 604 wrote to memory of 2856	604	773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 604 wrote to memory of 2856	604	773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 604 wrote to memory of 2856	604	773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 604 wrote to memory of 2856	604	773da871b8296896ffccb40b5c9bd6fc.exe	31
PID 604 wrote to memory of 2884	604	773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 604 wrote to memory of 2884	604	773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 604 wrote to memory of 2884	604	773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 604 wrote to memory of 2884	604	773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 604 wrote to memory of 2884	604	773da871b8296896ffccb40b5c9bd6fc.exe	32
PID 604 wrote to memory of 2736	604	773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 604 wrote to memory of 2736	604	773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 604 wrote to memory of 2736	604	773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 604 wrote to memory of 2736	604	773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 604 wrote to memory of 2736	604	773da871b8296896ffccb40b5c9bd6fc.exe	33
PID 604 wrote to memory of 2828	604	773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 604 wrote to memory of 2828	604	773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 604 wrote to memory of 2828	604	773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 604 wrote to memory of 2828	604	773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 604 wrote to memory of 2828	604	773da871b8296896ffccb40b5c9bd6fc.exe	34
PID 604 wrote to memory of 2704	604	773da871b8296896ffccb40b5c9bd6fc.exe	35
PID 604 wrote to memory of 2704	604	773da871b8296896ffccb40b5c9bd6fc.exe	35
PID 604 wrote to memory of 2704	604	773da871b8296896ffccb40b5c9bd6fc.exe	35
PID 604 wrote to memory of 2704	604	773da871b8296896ffccb40b5c9bd6fc.exe	35
PID 604 wrote to memory of 2704	604	773da871b8296896ffccb40b5c9bd6fc.exe	35
PID 604 wrote to memory of 2712	604	773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 604 wrote to memory of 2712	604	773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 604 wrote to memory of 2712	604	773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 604 wrote to memory of 2712	604	773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 604 wrote to memory of 2712	604	773da871b8296896ffccb40b5c9bd6fc.exe	36
PID 604 wrote to memory of 2588	604	773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 604 wrote to memory of 2588	604	773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 604 wrote to memory of 2588	604	773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 604 wrote to memory of 2588	604	773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 604 wrote to memory of 2588	604	773da871b8296896ffccb40b5c9bd6fc.exe	37
PID 604 wrote to memory of 2936	604	773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 604 wrote to memory of 2936	604	773da871b8296896ffccb40b5c9bd6fc.exe	38
PID 604 wrote to memory of 2936	604	773da871b8296896ffccb40b5c9bd6fc.exe	38

C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe
"C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe
  "C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetThreadContext
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe
    "C:\Users\Admin\AppData\Local\Temp\773da871b8296896ffccb40b5c9bd6fc.exe"
    3⤵
    - Modifies Installed Components in the registry
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:604
  - - C:\Windows\SysWOW64\svchost.exe
      svchost.exe
      4⤵
      Modifies Installed Components in the registry
      Loads dropped DLL
      Adds Run key to start application
      PID:2720
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:524
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:584
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:820
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:2444
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:2564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2484
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:2328
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2036
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:2356
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:2960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2660
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:2792
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:1928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1488
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:2616
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        
        PID:800
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:1652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2668
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2316
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:864
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:1740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:444
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:1668
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:832
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2372
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2148
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2304
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:1952
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2904
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:952
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:1148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2844
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:1372
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:1396
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:700
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:1924
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1816
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:2260
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:1908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:988
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        11⤵
        
        PID:932
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        12⤵
        
        PID:2232
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        13⤵
        
        PID:2548
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1340
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:2604
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:2788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1404
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2760
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:1992
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:1556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1604
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:456
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:932
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:2716
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1736
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1944
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:1144
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:2448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2264
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:1140
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1536
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2896
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2544
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:824
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1104
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:2584
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        
        PID:2332
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1940
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        
        PID:1148
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2856
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2884
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2736
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2828
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2704
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2712
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2588
  - - C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe"
      4⤵
      PID:2936
  - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2780
    - - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2700
      - C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        6⤵
        Modifies Installed Components in the registry
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1860
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        7⤵
        
        PID:2808
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        8⤵
        
        PID:688
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        9⤵
        
        PID:1920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2212
        
        C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe
        
        "C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe"
        10⤵
        
        PID:1072

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\InstallDir\hub.exe

Filesize
196KB

MD5
773da871b8296896ffccb40b5c9bd6fc

SHA1
0060f821272f2d8baa30a91e13dabc4bf72d3289

SHA256
ba7d960521c3c9a912e49973443180266fadfc366ca3aa0b5211e0673cb976aa

SHA512
7f8f2d51b0ac63b1d63110996499ddc8df0b3600033822b70e52599525c74e5bc9815de9035c1d990a9764f1a1e9e880f014ce6ae7a32e94a26cec080242e20c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\nhk7zhmn.cfg

Filesize
1KB

MD5
9e0b41b27b0acdbe7301109e6e678001

SHA1
2851d407bb5c707c32115d18e9f15665e5c36c92

SHA256
ce4e87ac27537b6eb44f883197d60cb8ac35810e70245bd08e710b09ef47bbc6

SHA512
c45158eedb468da552635173cb3f7e08419786219f73b3f9f798804327088c484b2bb0d3da10c9f6719621b2fc69299539263788961b0a20a03a61a092625652

Download Submit
memory/328-161-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/328-124-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/524-127-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/604-19-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-17-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-44-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-20-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-21-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-22-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-23-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-26-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-27-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-28-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-18-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/604-31-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/688-372-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/796-515-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/796-468-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/832-421-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/864-450-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/952-374-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1144-630-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1148-377-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1148-441-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1556-721-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1672-422-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1672-502-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1740-319-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1740-251-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1908-642-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1908-583-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1920-216-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1920-285-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1924-478-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1924-453-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1928-503-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1928-479-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/1992-704-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2024-131-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2024-86-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2232-714-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2356-200-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2444-475-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2448-634-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2448-746-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2564-302-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2564-370-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2700-84-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2720-39-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2788-702-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2792-486-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/2960-267-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/2960-191-0x0000000000C80000-0x0000000000C92000-memory.dmp

Filesize
72KB

Download
memory/3036-742-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-10-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3040-12-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-6-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-2-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-14-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-4-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/3040-29-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads