xtremerat | 4820c9a787707d31ed70c14fb1b99adf71d1de5f8f9f562f8292289fc2e9f1e7

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
19-06-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
Size

479KB
MD5

00f8af51c599a1c587db96baa968e306
SHA1

85cf2d60a0e9254792e2122b0fffb563ae36ccbb
SHA256

4820c9a787707d31ed70c14fb1b99adf71d1de5f8f9f562f8292289fc2e9f1e7
SHA512

846f42baea812e412021e47a94963edd05feabe2e6d3e0ee62cbcdd4c9af66659068e1c0027b0dd000d3902e928b92dc16c78fc972f8de3da3cfa8242fd59357
SSDEEP

12288:RJVVod+G5B3K4FAtuHF//6oExJ7f+qy+38u:Ryf5B35FA6F36oExpGEsu

Score

10^/10

xtremerat persistence rat spyware

Malware Config

Signatures

Detect XtremeRAT payload 12 IoCs

Processes:

resource	yara_rule
behavioral1/memory/1808-14-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-15-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-11-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-10-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-9-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-8-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-7-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/1808-16-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/2628-27-0x0000000000C80000-0x0000000000CBC000-memory.dmp	family_xtremerat
behavioral1/memory/2628-321-0x0000000002DF0000-0x0000000002E4B000-memory.dmp	family_xtremerat
behavioral1/memory/2628-437-0x0000000002E20000-0x0000000002E7B000-memory.dmp	family_xtremerat
behavioral1/memory/2628-727-0x0000000004610000-0x000000000466B000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Boot or Logon Autostart Execution: Active Setup 2 TTPs 64 IoCs

Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

persistence

Active Setup

T1547.014

Modify Registry

T1112

Processes:

rundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exe00f8af51c599a1c587db96baa968e306_JaffaCakes118.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exesvchost.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe"	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{013RC1Y6-Q78I-P1OY-81YD-00HNLUDGW1N4}\StubPath = "C:\\Windows\\Updater\\rundll.exe restart"	rundll.exe

Executes dropped EXE 64 IoCs

Processes:

rundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exe

pid	process
2460	rundll.exe
2436	rundll.exe
1932	rundll.exe
2292	rundll.exe
1916	rundll.exe
2812	rundll.exe
1816	rundll.exe
1040	rundll.exe
2140	rundll.exe
2252	rundll.exe
1532	rundll.exe
752	rundll.exe
2844	rundll.exe
2004	rundll.exe
2856	rundll.exe
1860	rundll.exe
2448	rundll.exe
2080	rundll.exe
2788	rundll.exe
1912	rundll.exe
2392	rundll.exe
1084	rundll.exe
1300	rundll.exe
2252	rundll.exe
3052	rundll.exe
2844	rundll.exe
2432	rundll.exe
2824	rundll.exe
1000	rundll.exe
1732	rundll.exe
1616	rundll.exe
1504	rundll.exe
1952	rundll.exe
1676	rundll.exe
2736	rundll.exe
2440	rundll.exe
576	rundll.exe
300	rundll.exe
2104	rundll.exe
1532	rundll.exe
988	rundll.exe
2372	rundll.exe
2064	rundll.exe
1732	rundll.exe
2492	rundll.exe
2328	rundll.exe
2380	rundll.exe
1776	rundll.exe
1844	rundll.exe
1368	rundll.exe
3160	rundll.exe
3272	rundll.exe
3300	rundll.exe
3464	rundll.exe
3492	rundll.exe
3652	rundll.exe
3824	rundll.exe
3924	rundll.exe
3972	rundll.exe
4056	rundll.exe
3076	rundll.exe
3356	rundll.exe
3584	rundll.exe
3568	rundll.exe

Loads dropped DLL 13 IoCs

Processes:

00f8af51c599a1c587db96baa968e306_JaffaCakes118.exesvchost.exe

pid	process
1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe
2628	svchost.exe

Adds Run key to start application 2 TTPs 64 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

rundll.exerundll.exerundll.exe00f8af51c599a1c587db96baa968e306_JaffaCakes118.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\Startup = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Windows = "C:\\Windows\\Updater\\rundll.exe"	rundll.exe

Suspicious use of SetThreadContext 55 IoCs

Processes:

00f8af51c599a1c587db96baa968e306_JaffaCakes118.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exerundll.exe

description	pid	process	target process
PID 2844 set thread context of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2460 set thread context of 2436	2460	rundll.exe	rundll.exe
PID 1932 set thread context of 1916	1932	rundll.exe	rundll.exe
PID 2292 set thread context of 2812	2292	rundll.exe	rundll.exe
PID 1816 set thread context of 2140	1816	rundll.exe	rundll.exe
PID 1040 set thread context of 1532	1040	rundll.exe	rundll.exe
PID 2252 set thread context of 752	2252	rundll.exe	rundll.exe
PID 2844 set thread context of 2856	2844	rundll.exe	rundll.exe
PID 2004 set thread context of 2448	2004	rundll.exe	rundll.exe
PID 1860 set thread context of 2788	1860	rundll.exe	rundll.exe
PID 2080 set thread context of 1912	2080	rundll.exe	rundll.exe
PID 2392 set thread context of 1084	2392	rundll.exe	rundll.exe
PID 1300 set thread context of 3052	1300	rundll.exe	rundll.exe
PID 2252 set thread context of 2844	2252	rundll.exe	rundll.exe
PID 2432 set thread context of 2824	2432	rundll.exe	rundll.exe
PID 1000 set thread context of 1732	1000	rundll.exe	rundll.exe
PID 1616 set thread context of 1952	1616	rundll.exe	rundll.exe
PID 1504 set thread context of 2736	1504	rundll.exe	rundll.exe
PID 1676 set thread context of 2440	1676	rundll.exe	rundll.exe
PID 576 set thread context of 300	576	rundll.exe	rundll.exe
PID 2104 set thread context of 988	2104	rundll.exe	rundll.exe
PID 1532 set thread context of 2064	1532	rundll.exe	rundll.exe
PID 2372 set thread context of 2492	2372	rundll.exe	rundll.exe
PID 1732 set thread context of 2380	1732	rundll.exe	rundll.exe
PID 2328 set thread context of 1776	2328	rundll.exe	rundll.exe
PID 1844 set thread context of 1368	1844	rundll.exe	rundll.exe
PID 3160 set thread context of 3300	3160	rundll.exe	rundll.exe
PID 3272 set thread context of 3492	3272	rundll.exe	rundll.exe
PID 3464 set thread context of 3652	3464	rundll.exe	rundll.exe
PID 3824 set thread context of 3972	3824	rundll.exe	rundll.exe
PID 3924 set thread context of 3076	3924	rundll.exe	rundll.exe
PID 4056 set thread context of 3356	4056	rundll.exe	rundll.exe
PID 3584 set thread context of 3708	3584	rundll.exe	rundll.exe
PID 3568 set thread context of 3648	3568	rundll.exe	rundll.exe
PID 1776 set thread context of 4060	1776	rundll.exe	rundll.exe
PID 3192 set thread context of 3728	3192	rundll.exe	rundll.exe
PID 3692 set thread context of 3096	3692	rundll.exe	rundll.exe
PID 3084 set thread context of 3472	3084	rundll.exe	iexplore.exe
PID 1940 set thread context of 3972	1940	rundll.exe	rundll.exe
PID 2580 set thread context of 3852	2580	rundll.exe	iexplore.exe
PID 3820 set thread context of 3928	3820	rundll.exe	rundll.exe
PID 3652 set thread context of 3348	3652	rundll.exe	iexplore.exe
PID 4108 set thread context of 4236	4108	rundll.exe	rundll.exe
PID 4180 set thread context of 4380	4180	rundll.exe	iexplore.exe
PID 4336 set thread context of 4584	4336	rundll.exe	rundll.exe
PID 4768 set thread context of 4896	4768	rundll.exe	rundll.exe
PID 4820 set thread context of 5032	4820	rundll.exe	iexplore.exe
PID 5004 set thread context of 4364	5004	rundll.exe	rundll.exe
PID 4260 set thread context of 4428	4260	rundll.exe	iexplore.exe
PID 4276 set thread context of 4784	4276	rundll.exe	iexplore.exe
PID 4776 set thread context of 5100	4776	rundll.exe	iexplore.exe
PID 4112 set thread context of 4180	4112	rundll.exe	rundll.exe
PID 4256 set thread context of 4748	4256	rundll.exe	rundll.exe
PID 5024 set thread context of 4448	5024	rundll.exe	rundll.exe
PID 4460 set thread context of 4768	4460	rundll.exe	iexplore.exe

Drops file in Windows directory 64 IoCs

Processes:

description	ioc	process
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File created	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up1.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe-up.txt	rundll.exe
File opened for modification	C:\Windows\Updater\rundll.exe	rundll.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 56 IoCs

Processes:

pid	process
2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
2460	rundll.exe
1932	rundll.exe
2292	rundll.exe
1816	rundll.exe
1040	rundll.exe
2252	rundll.exe
2844	rundll.exe
2004	rundll.exe
1860	rundll.exe
2080	rundll.exe
2392	rundll.exe
1300	rundll.exe
2252	rundll.exe
2432	rundll.exe
1000	rundll.exe
1616	rundll.exe
1504	rundll.exe
1676	rundll.exe
576	rundll.exe
2104	rundll.exe
1532	rundll.exe
2372	rundll.exe
1732	rundll.exe
2328	rundll.exe
1844	rundll.exe
3160	rundll.exe
3272	rundll.exe
3464	rundll.exe
3824	rundll.exe
3924	rundll.exe
4056	rundll.exe
3584	rundll.exe
3568	rundll.exe
1776	rundll.exe
3192	rundll.exe
3692	rundll.exe
3084	rundll.exe
1940	rundll.exe
2580	rundll.exe
3820	rundll.exe
3652	rundll.exe
4108	rundll.exe
4180	rundll.exe
4336	rundll.exe
4768	rundll.exe
4820	rundll.exe
5004	rundll.exe
4260	rundll.exe
4276	rundll.exe
4776	rundll.exe
4112	rundll.exe
4256	rundll.exe
5024	rundll.exe
4460	rundll.exe
4588	rundll.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe00f8af51c599a1c587db96baa968e306_JaffaCakes118.exerundll.exe

description	pid	process	target process
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 2844 wrote to memory of 1808	2844	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
PID 1808 wrote to memory of 2628	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	svchost.exe
PID 1808 wrote to memory of 2628	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	svchost.exe
PID 1808 wrote to memory of 2628	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	svchost.exe
PID 1808 wrote to memory of 2628	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	svchost.exe
PID 1808 wrote to memory of 2628	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	svchost.exe
PID 1808 wrote to memory of 2664	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2664	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2664	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2664	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2664	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2868	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2868	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2868	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2868	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2868	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2596	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2596	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2596	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2596	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2596	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2584	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2584	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2584	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2584	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2584	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2280	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2280	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2280	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2280	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2280	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2740	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2740	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2740	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2740	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2740	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2748	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2748	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2748	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2748	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2748	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2776	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2776	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2776	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2776	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	iexplore.exe
PID 1808 wrote to memory of 2460	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	rundll.exe
PID 1808 wrote to memory of 2460	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	rundll.exe
PID 1808 wrote to memory of 2460	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	rundll.exe
PID 1808 wrote to memory of 2460	1808	00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe	rundll.exe
PID 2460 wrote to memory of 2436	2460	rundll.exe	rundll.exe
PID 2460 wrote to memory of 2436	2460	rundll.exe	rundll.exe
PID 2460 wrote to memory of 2436	2460	rundll.exe	rundll.exe
PID 2460 wrote to memory of 2436	2460	rundll.exe	rundll.exe

C:\Users\Admin\AppData\Local\Temp\00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Users\Admin\AppData\Local\Temp\00f8af51c599a1c587db96baa968e306_JaffaCakes118.exe
  2⤵
  - Boot or Logon Autostart Execution: Active Setup
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1808
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    - Boot or Logon Autostart Execution: Active Setup
    - Loads dropped DLL
    PID:2628
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1932
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1916
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2816
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2040
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2112
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1964
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:336
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2404
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2416
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2036
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1040
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2320
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1860
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1656
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Executes dropped EXE
        
        PID:2844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2164
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1676
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:2440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1284
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:2328
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3864
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4056
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3280
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        18⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1940
        
        C:\Windows\Updater\rundll.exe
        
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4812
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        20⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:5004
        
        C:\Windows\Updater\rundll.exe
        
        21⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5032
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        22⤵
        
        PID:4840
        
        C:\Windows\Updater\rundll.exe
        
        23⤵
        
        PID:5124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5504
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        24⤵
        
        PID:5860
        
        C:\Windows\Updater\rundll.exe
        
        25⤵
        
        PID:4840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:4956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:5872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6312
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        26⤵
        
        PID:6372
        
        C:\Windows\Updater\rundll.exe
        
        27⤵
        
        PID:5192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:5884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:6936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:6096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:6756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:5740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7852
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        28⤵
        
        PID:7892
        
        C:\Windows\Updater\rundll.exe
        
        29⤵
        
        PID:8176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:7528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:7904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:7344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:7736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:7700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:6440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:8352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:8712
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:1816
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2140
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2152
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:928
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1728
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2908
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2208
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1604
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2160
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1280
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2004
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2276
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1300
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:692
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1504
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2004
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1732
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3856
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3924
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3292
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3084
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4712
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        18⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4768
        
        C:\Windows\Updater\rundll.exe
        
        19⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:4896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4288
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        20⤵
        
        PID:3724
        
        C:\Windows\Updater\rundll.exe
        
        21⤵
        
        PID:4592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5824
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        22⤵
        
        PID:5616
        
        C:\Windows\Updater\rundll.exe
        
        23⤵
        
        PID:4448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:1952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:4988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:5300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6716
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        24⤵
        
        PID:6796
        
        C:\Windows\Updater\rundll.exe
        
        25⤵
        
        PID:6884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:6020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        26⤵
        
        PID:7100
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        26⤵
        
        PID:6364
        
        C:\Windows\Updater\rundll.exe
        
        27⤵
        
        PID:6544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:8024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:5856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:8144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        28⤵
        
        PID:7628
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        28⤵
        
        PID:7092
        
        C:\Windows\Updater\rundll.exe
        
        29⤵
        
        PID:7564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        30⤵
        
        PID:8404
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2844
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Executes dropped EXE
        
        PID:2856
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2392
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1084
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2884
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2624
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2480
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1800
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2692
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2696
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1292
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1564
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1616
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:1952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1712
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2372
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3736
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3824
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3980
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:1000
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1732
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1780
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2424
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:564
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1100
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2812
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3068
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1252
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2844
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1532
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        
        PID:2064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3440
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3464
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3172
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4216
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4336
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4992
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:5024
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        Adds Run key to start application
        
        PID:4448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5148
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        
        PID:940
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        
        PID:5492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:2180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5648
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        18⤵
        
        PID:6264
        
        C:\Windows\Updater\rundll.exe
        
        19⤵
        
        PID:6560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6752
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        20⤵
        
        PID:6544
        
        C:\Windows\Updater\rundll.exe
        
        21⤵
        
        PID:6504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:6384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:5192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7780
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        22⤵
        
        PID:7892
        
        C:\Windows\Updater\rundll.exe
        
        23⤵
        
        PID:7916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:6932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:8372
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2104
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:988
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1048
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1976
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1452
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2828
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2848
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2788
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3152
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3228
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3272
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3116
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3192
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4100
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4180
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:4380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2588
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4256
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5764
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        
        PID:5828
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        
        PID:6064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5436
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        
        PID:4996
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        
        PID:5920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5272
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        18⤵
        
        PID:6052
        
        C:\Windows\Updater\rundll.exe
        
        19⤵
        
        PID:5604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:6416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8136
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        20⤵
        
        PID:7144
        
        C:\Windows\Updater\rundll.exe
        
        21⤵
        
        PID:7616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:7936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:8720
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:3160
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:3300
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3416
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3604
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3760
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3872
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2432
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3504
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3580
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4012
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1776
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3548
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4108
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5088
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4112
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        Adds Run key to start application
        
        PID:4180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5592
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        
        PID:5616
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        
        PID:5872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5784
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        
        PID:5920
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        
        PID:5188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6520
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6968
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        
        PID:5176
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        
        PID:5832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8116
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6900
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        18⤵
        
        PID:7952
        
        C:\Windows\Updater\rundll.exe
        
        19⤵
        
        PID:7544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:7460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:8604
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:3568
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:3648
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3092
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3128
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3988
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3248
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3712
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3644
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2064
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3652
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:3348
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4512
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4776
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5344
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        
        PID:5392
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        
        PID:5648
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4656
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5100
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        
        PID:5868
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        
        PID:5176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6940
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        
        PID:5952
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        
        PID:6276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7416
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5188
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        16⤵
        
        PID:7628
        
        C:\Windows\Updater\rundll.exe
        
        17⤵
        
        PID:6168
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5952
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:7548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:8660
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Suspicious use of SetThreadContext
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:2580
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Drops file in Windows directory
        
        PID:3852
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1368
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3652
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4344
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4544
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4720
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4880
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3920
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4276
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        Adds Run key to start application
        
        PID:4784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4680
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        
        PID:5228
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        
        PID:5420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5220
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        
        PID:5192
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        
        PID:5740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6624
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        
        PID:6928
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        
        PID:6584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8164
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        
        PID:7456
        
        C:\Windows\Updater\rundll.exe
        
        15⤵
        
        PID:7804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:7716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:8704
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Suspicious use of SetThreadContext
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4820
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:5032
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4060
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4108
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4944
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3996
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4464
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5000
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3244
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3012
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:4588
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:4604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5732
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        
        PID:5640
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        
        PID:5832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6708
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        
        PID:6764
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        
        PID:7136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6552
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6172
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        
        PID:7236
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        
        PID:7512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7468
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:7060
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        14⤵
        
        PID:8588
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      Suspicious use of SetThreadContext
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:4460
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        Boot or Logon Autostart Execution: Active Setup
        Adds Run key to start application
        
        PID:4768
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3968
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4972
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4492
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5360
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5584
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5848
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6072
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4308
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        
        PID:5112
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:5812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2492
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6488
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        
        PID:6512
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        
        PID:6988
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6180
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6660
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        
        PID:5780
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        
        PID:7288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:8004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6992
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        12⤵
        
        PID:7412
        
        C:\Windows\Updater\rundll.exe
        
        13⤵
        
        PID:8496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:8680
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      PID:6032
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        
        PID:5132
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4304
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5708
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6100
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5788
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5168
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4976
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5924
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        
        PID:6064
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:6292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7164
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        
        PID:5496
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        
        PID:6768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7340
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7380
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        10⤵
        
        PID:6584
        
        C:\Windows\Updater\rundll.exe
        
        11⤵
        
        PID:7944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6948
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:7128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:8612
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      PID:5008
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        
        PID:5640
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5888
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6220
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6528
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6832
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7112
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6336
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6556
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6512
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        
        PID:6768
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:6924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8156
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        8⤵
        
        PID:6364
        
        C:\Windows\Updater\rundll.exe
        
        9⤵
        
        PID:7524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:7400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6596
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:8648
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      PID:6640
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        
        PID:7016
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7120
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6764
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6540
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6040
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6052
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7304
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7788
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8064
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        
        PID:8120
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:7224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:7476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8696
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      PID:7448
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        
        PID:7672
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7832
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8104
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7404
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7888
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7208
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7824
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6816
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:7212
      - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        6⤵
        
        PID:7392
        
        C:\Windows\Updater\rundll.exe
        
        7⤵
        
        PID:8268
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:8464
  - - C:\Windows\Updater\rundll.exe
      "C:\Windows\Updater\rundll.exe"
      4⤵
      PID:7460
    - - C:\Windows\Updater\rundll.exe
        
        5⤵
        
        PID:7560
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8208
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:8688
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2664
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2868
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2596
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2584
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2280
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2740
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2748
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2776
- - C:\Windows\Updater\rundll.exe
    "C:\Windows\Updater\rundll.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2460
  - - C:\Windows\Updater\rundll.exe
      4⤵
      Executes dropped EXE
      PID:2436
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2316
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1508
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:808
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2912
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2944
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2932
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2980
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:3000
    - - C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:2292
      - C:\Windows\Updater\rundll.exe
        
        6⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:488
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:984
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2252
        
        C:\Windows\Updater\rundll.exe
        
        8⤵
        Executes dropped EXE
        
        PID:752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2456
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:2080
        
        C:\Windows\Updater\rundll.exe
        
        10⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:1868
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2432
        
        C:\Windows\Updater\rundll.exe
        
        12⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        Drops file in Windows directory
        
        PID:2824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1324
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:1540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:2772
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:576
        
        C:\Windows\Updater\rundll.exe
        
        14⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:300
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2940
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        15⤵
        
        PID:1732
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:1844
        
        C:\Windows\Updater\rundll.exe
        
        16⤵
        Boot or Logon Autostart Execution: Active Setup
        Executes dropped EXE
        Adds Run key to start application
        
        PID:1368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3144
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3432
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:1312
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        17⤵
        
        PID:3288
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Drops file in Windows directory
        Suspicious use of SetWindowsHookEx
        
        PID:3584
        
        C:\Windows\Updater\rundll.exe
        
        18⤵
        Adds Run key to start application
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:3184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        19⤵
        
        PID:1916
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        19⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3820
        
        C:\Windows\Updater\rundll.exe
        
        20⤵
        Drops file in Windows directory
        
        PID:3928
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:3188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:3384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4208
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4668
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        21⤵
        
        PID:4140
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        21⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4260
        
        C:\Windows\Updater\rundll.exe
        
        22⤵
        Drops file in Windows directory
        
        PID:4428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:5080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        23⤵
        
        PID:4256
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        23⤵
        
        PID:3576
        
        C:\Windows\Updater\rundll.exe
        
        24⤵
        
        PID:4932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:5632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        25⤵
        
        PID:6108
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        25⤵
        
        PID:2180
        
        C:\Windows\Updater\rundll.exe
        
        26⤵
        
        PID:5892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:6044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:5476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:5804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:5996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:6480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:6724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        27⤵
        
        PID:6868
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        27⤵
        
        PID:7084
        
        C:\Windows\Updater\rundll.exe
        
        28⤵
        
        PID:5700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:6608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:6788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:4840
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:7012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:6748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:6896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:6164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        29⤵
        
        PID:7296
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        29⤵
        
        PID:7640
        
        C:\Windows\Updater\rundll.exe
        
        30⤵
        
        PID:7920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:8084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:6228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:7688
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:8188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:7572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:7280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:7028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        31⤵
        
        PID:8244
        
        C:\Windows\Updater\rundll.exe
        
        "C:\Windows\Updater\rundll.exe"
        31⤵
        
        PID:8472

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Active Setup

T1547.014

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\7YFjJfU.cfg

Filesize
1KB

MD5
f27385ccae7e26cfc0872f59fabdb06d

SHA1
50f9422d7c529e3249deb166a960cd7008096cce

SHA256
4718ed0b51accc3ff9f07eae3cb6807c7dd4e52d893abb0ce51431616028d480

SHA512
0c880ac581e0f7e145760571eba7f6d21e3ca060377f1da88ec15ba2f4184a42c5e75c82add1e4515ff8b1f82c87b442cf3410d019a38e4ffa0ecc07c8add8ad

Download Submit
C:\Windows\Updater\rundll.exe

Filesize
479KB

MD5
00f8af51c599a1c587db96baa968e306

SHA1
85cf2d60a0e9254792e2122b0fffb563ae36ccbb

SHA256
4820c9a787707d31ed70c14fb1b99adf71d1de5f8f9f562f8292289fc2e9f1e7

SHA512
846f42baea812e412021e47a94963edd05feabe2e6d3e0ee62cbcdd4c9af66659068e1c0027b0dd000d3902e928b92dc16c78fc972f8de3da3cfa8242fd59357

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
30KB

MD5
5fdf4efe9b80d2ae168ca343f30368b8

SHA1
62b1bf41c7c038a68aea3d80710c339a17235b91

SHA256
542ded2bafb8e83313d7a8d66e0b2b9ddcda39f4c63e1e7589179beda0080541

SHA512
5d8562d89fddcca217fa4c0bae1c8d79f2618042773e6955882add30213640804b077df194b60f6aaf64bd388f8d581530cdf54922a899038fc6eeac898e663f

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
30KB

MD5
473cd35c26c7b2ffee45fbdd3f647ce2

SHA1
0f5f9da6d1d4605635902520d7f3dc10440889d8

SHA256
0f0ee180e5dec289c355cfa6590bd408c33670518246e719a894dc0f3331d912

SHA512
cdd2a6c2c23ceac93476a71c74d419a42ffdea6b49bbb1ad8c565d21d48e3919ab6b86e8c70264a05135ea9e8258183430a49d42e5ca1694dec4e558c2fc397c

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
14B

MD5
098d16d669a3a0417f4cb67a3533ae4f

SHA1
3c0df988da33343f439f16d5f5da444817c6ff25

SHA256
ec33c089493f71bc4a510081918e8721e024ef0817ecfb9f2897dce432196fdb

SHA512
7cd7048793ff9aadcfd4fc9ccb975477755ff8e7e4440e270428a1fa94d6f4087f747446c83411e068bd0ec79f2533a14f4a9e7f621dada044bd0aef7efa9cb2

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
30KB

MD5
d33906a2de403fd297327050557fd581

SHA1
da216413e4bf55d9be70e589c62659c6610d7693

SHA256
d94d0bc0cd814df71299fb222c4b30ed79284fad2805d8ff4e1ce3a6653b9edf

SHA512
2e2e7fd24523bc535f788ece8f10b8ef0bfa8ebad09792d108c0b5220f0e7f6575e86e6d766008442a343e1ab95efe7eda841dc5cfecb61a737e90273fc6af29

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
192B

MD5
f4cb6ccac42403da34ebf37194896890

SHA1
54db307dc8803bf9771fe9a3a1ba7bcc68314f4c

SHA256
40df1e4c6b9dd66217c8425ef6fac45ae1ad22dec6ae3a0f5878cdce3d974a90

SHA512
0e216fa506a5b89901057079c296a41e4b431c41493f56c8ab1dd660587424051ca529dec1868565a86b666f10c1b367651d73d37cb940ef5498615e04887cbe

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
5KB

MD5
8f28c40cbd3034b347395657f88f2e6a

SHA1
a5e664ce3736c0cccf0cc6f96235647923fea1a1

SHA256
e922e7b10e5f99ec5618ae62c001745f11001deefd1433dc61fe8d9fe5b029d2

SHA512
11031ef6a69bc4294f85ef3d87df324b408cf7b39598e427e36577111537125e40f0130ae0e56e54757db669d18de736defaf60fe5f849862616f93964bbf171

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
26KB

MD5
bab1a120cc100d42ac4b65092e552129

SHA1
8215f27d77bd6c0cc774a24ae9e0f35fe9ad4dbe

SHA256
6f35e4db669ac56ba49726c866aa97f28e24914303153c60ce5bf2fb66e83bdf

SHA512
9eec49ff8877244fffe206bbcba7744c6261df3656382d84f432990986742d029d02d9980a1d96d57b664b50e9f9803eaedf55f86ee18e6419b47e57f23d2180

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
6KB

MD5
5d26c9b8e474545d903ce68ec1e5bd0c

SHA1
b27f25be02a1025e2f7dfe321c835c46702e59fb

SHA256
15f3741a17c8e534cd24b50fd02b7a1048858899600efb1ea99cfad3c52baac0

SHA512
63cfcb598387f3567409f3b48577cbdd17f4dbb8d47c6339cb1fd5d2553f72272708c6ba93cfb84d10690e969c65d0579d77630e34ad798a6642c58f0aa73a85

Download Submit
C:\Windows\Updater\rundll.exe-up.txt

Filesize
28KB

MD5
7270b41b0c5248ea960d4dc309382adf

SHA1
1eb1bc22513ddb9de0c0b507adf4ecbf5b5e4410

SHA256
19913d0bc91bb813f6508f4e3bc4b7ae383163912b81c98ea76ebe3c92bf7bf7

SHA512
f03427a23aa5a9c08e9c22fa51a676934a17a8aa4aaf58ce4ec1c7c46e4c84152c40014107ef5c8d0ef91bab3e6906a08121c24f0d12819f5673568d067bb29f

Download Submit
C:\Windows\Updater\rundll.exe-up1.txt

Filesize
30KB

MD5
79afbe48e3f5d689315e80031fe25f4d

SHA1
cc5e17e049b74d62aa8e4cbb9998a8f7db2e4427

SHA256
15e5031836f57f423229f2980512001cc5a215aa5fc954b28d6db4608ac2129a

SHA512
7779442f5db0c67ec38337f2d914c4623177dc6f2f204205c36fffc4cf960a7076d7a76813fbc55e7d6a97d8058d7764ff5f123bc98ce9f733d665cfd1c65def

Download Submit
C:\Windows\Updater\rundll.exe-up1.txt

Filesize
30KB

MD5
c5ca62a6ca769bb9aab7bb86cb6bf879

SHA1
95193fc84e0f90b18412e34fd8a78671b9524ee2

SHA256
9f4f8bb2d6476e3f303894d6b31c5d3ebb0dcfcb20a12a9c8d2477a30b87395e

SHA512
0f8f898f4148d9d1ba2673ed72f9a608de50b16988a7565c6f5ebec8a925dea3b1a0a190ccc1415ffdffc592830bcbb4c526d3d60bfe759ee9699512a9c1d857

Download Submit
C:\Windows\Updater\rundll.exe-up1.txt

Filesize
30KB

MD5
a41f6637c05f95d344fb7b9cca78495a

SHA1
c21a3c9255a297f9713359c527b526465918a00e

SHA256
cd36c4b054988e9f58824857ce014f0fd16150e35b4cd5888a5e58a5021252c4

SHA512
e5bc33123a72029753748dd08ddce6329c2ca881abf0bafb17c3609b773767721e695e0cae3f90e5e55e9e04481fd14c70571537f444ffa67cc69760fade0e98

Download Submit
C:\Windows\Updater\rundll.exe-up1.txt

Filesize
30KB

MD5
086f68ef8bf121c4d0bfb5388eb3cf65

SHA1
712e070872f9bd6c773b100d68a4c7450683da2a

SHA256
7bf68d5f4fd95a4b86d12d7b1db8545cd6ae3224d8a594575aa888f3d9646fd4

SHA512
219bf75dedc0562c2ed32151274fd4295e24037c29964ab76bf1c10cb08deeecfa96c5b9a39d55e3bfc7113b7458edf78bbef991466a99de8892fac8605a7929

Download Submit
\??\PIPE\srvsvc

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/576-566-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1000-462-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1040-180-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1300-384-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1300-353-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1504-473-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1504-520-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1532-578-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1532-625-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1616-467-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1616-494-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1676-499-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1676-541-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1732-676-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1732-647-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1776-937-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1776-963-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1808-8-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/1808-7-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-6-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-9-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-10-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-11-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-33-0x0000000003D00000-0x0000000003D5B000-memory.dmp

Filesize
364KB

Download
memory/1808-15-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-19-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1808-5-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-16-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1808-14-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/1816-122-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1816-150-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1844-724-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1844-702-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1860-294-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1860-244-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1932-65-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1932-93-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1932-63-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1940-1067-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/1940-1022-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2004-216-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2004-268-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2080-316-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2080-275-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2104-599-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2104-573-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2252-202-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2252-362-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2252-155-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2252-404-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2292-73-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2292-70-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2292-115-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2328-694-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2372-651-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2372-604-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2392-346-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2432-432-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2460-57-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2460-35-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2460-34-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2580-1093-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2580-1046-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2628-64-0x0000000002620000-0x000000000267B000-memory.dmp

Filesize
364KB

Download
memory/2628-321-0x0000000002DF0000-0x0000000002E4B000-memory.dmp

Filesize
364KB

Download
memory/2628-245-0x00000000029B0000-0x0000000002A0B000-memory.dmp

Filesize
364KB

Download
memory/2628-27-0x0000000000C80000-0x0000000000CBC000-memory.dmp

Filesize
240KB

Download
memory/2628-200-0x0000000002620000-0x000000000267B000-memory.dmp

Filesize
364KB

Download
memory/2628-1226-0x0000000004830000-0x000000000488B000-memory.dmp

Filesize
364KB

Download
memory/2628-572-0x00000000044D0000-0x000000000452B000-memory.dmp

Filesize
364KB

Download
memory/2628-437-0x0000000002E20000-0x0000000002E7B000-memory.dmp

Filesize
364KB

Download
memory/2628-721-0x00000000044D0000-0x000000000452B000-memory.dmp

Filesize
364KB

Download
memory/2628-571-0x0000000002E20000-0x0000000002E7B000-memory.dmp

Filesize
364KB

Download
memory/2628-727-0x0000000004610000-0x000000000466B000-memory.dmp

Filesize
364KB

Download
memory/2628-344-0x0000000002CE0000-0x0000000002D3B000-memory.dmp

Filesize
364KB

Download
memory/2628-472-0x0000000002DF0000-0x0000000002E4B000-memory.dmp

Filesize
364KB

Download
memory/2844-2-0x0000000000401000-0x0000000000422000-memory.dmp

Filesize
132KB

Download
memory/2844-18-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2844-0-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2844-237-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/2844-1-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3084-1041-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3084-1015-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3160-755-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3192-989-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3192-942-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3272-734-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3272-781-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3464-762-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3464-801-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3568-931-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3568-890-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3584-911-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3584-884-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3652-1140-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3652-1096-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3692-970-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3692-1010-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3820-1073-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3820-1119-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3824-832-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3824-807-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3924-814-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/3924-859-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4056-836-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4056-880-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4108-1145-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4108-1170-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4180-1196-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4336-1173-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4336-1217-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download
memory/4820-1227-0x0000000000400000-0x000000000045B000-memory.dmp

Filesize
364KB

Download