xtremerat | ef7e693bfdbf4795e03e3ada6310982f06fb641c7e7807169cd0cdf245e761d8

Analysis

max time kernel
150s
max time network
19s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/08/2024, 14:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
Size

210KB
MD5

af87ef6f09efa683368bcee63e9c5cd2
SHA1

3b917c4af81922ce075a0c2134e10316d52aa0b6
SHA256

ef7e693bfdbf4795e03e3ada6310982f06fb641c7e7807169cd0cdf245e761d8
SHA512

6b4f6c4c3b430d4629b5c4c4742574f620090a0bd0382d79d67d1e81fffa78fce3c5328c3160503bf0d1f7c6e8196ccaa8238b2b3a88b3f2e52fb1486913d0af
SSDEEP

6144:y0n8ObG2FIMB4TyQOI5JgpcvqNplcT86Sp:yovPOT0Iw5pM86Sp

Score

10^/10

xtremerat bootkit discovery persistence rat spyware upx

Malware Config

Extracted

Family

xtremerat

a411.no-ip.info

Signatures

Detect XtremeRAT payload 2 IoCs

resource	yara_rule
behavioral1/memory/2164-32-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat
behavioral1/memory/1484-41-0x0000000000C80000-0x0000000000C96000-memory.dmp	family_xtremerat

XtremeRAT
The XtremeRAT was developed by xtremecoder and has been available since at least 2010, and written in Delphi.
persistence spyware rat xtremerat

Executes dropped EXE 64 IoCs

pid	Process
1708	tim.exe
2692	tim.exe
3052	tim.exe
2136	tim.exe
2400	tim.exe
1852	tim.exe
1016	tim.exe
2064	tim.exe
1092	tim.exe
2216	tim.exe
2096	tim.exe
1748	tim.exe
2192	tim.exe
2500	tim.exe
3064	tim.exe
1760	tim.exe
1712	tim.exe
2804	tim.exe
2892	tim.exe
2808	tim.exe
2828	tim.exe
2716	tim.exe
1704	tim.exe
316	tim.exe
2136	tim.exe
760	tim.exe
1852	tim.exe
924	tim.exe
2552	tim.exe
1992	tim.exe
1524	tim.exe
2028	tim.exe
2896	tim.exe
2796	tim.exe
2556	tim.exe
2260	tim.exe
760	tim.exe
332	tim.exe
316	tim.exe
2892	tim.exe
2828	tim.exe
2044	tim.exe
1396	tim.exe
2608	tim.exe
2392	tim.exe
924	tim.exe
2300	tim.exe
1248	tim.exe
2140	tim.exe
2828	tim.exe
1272	tim.exe
3108	tim.exe
3132	tim.exe
3296	tim.exe
3364	tim.exe
3388	tim.exe
3504	tim.exe
3524	tim.exe
3592	tim.exe
3656	tim.exe
3692	tim.exe
3716	tim.exe
3952	tim.exe
3976	tim.exe

Loads dropped DLL 25 IoCs

pid	Process
2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe
1484	svchost.exe

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2164-27-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2164-32-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/2164-30-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1484-41-0x0000000000C80000-0x0000000000C96000-memory.dmp	upx
behavioral1/memory/1484-313-0x00000000047D0000-0x000000000485B000-memory.dmp	upx

Writes to the Master Boot Record (MBR) 1 TTPs 64 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe
File opened for modification	\??\PhysicalDrive0	tim.exe

Suspicious use of SetThreadContext 64 IoCs

description	pid	Process	procid_target
PID 2908 set thread context of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 1708 set thread context of 2692	1708	tim.exe	41
PID 3052 set thread context of 2136	3052	tim.exe	51
PID 2400 set thread context of 1852	2400	tim.exe	54
PID 2064 set thread context of 1092	2064	tim.exe	72
PID 2216 set thread context of 2096	2216	tim.exe	81
PID 1748 set thread context of 2192	1748	tim.exe	86
PID 2500 set thread context of 3064	2500	tim.exe	89
PID 1760 set thread context of 1712	1760	tim.exe	108
PID 2892 set thread context of 2808	2892	tim.exe	118
PID 2828 set thread context of 2716	2828	tim.exe	120
PID 1704 set thread context of 316	1704	tim.exe	133
PID 760 set thread context of 1852	760	tim.exe	141
PID 2136 set thread context of 924	2136	tim.exe	146
PID 2552 set thread context of 1992	2552	tim.exe	158
PID 1524 set thread context of 2028	1524	tim.exe	168
PID 2896 set thread context of 2796	2896	tim.exe	172
PID 2556 set thread context of 2260	2556	tim.exe	180
PID 2804 set thread context of 760	2804	tim.exe	187
PID 332 set thread context of 316	332	tim.exe	194
PID 2892 set thread context of 2828	2892	tim.exe	208
PID 2044 set thread context of 1396	2044	tim.exe	213
PID 2608 set thread context of 2392	2608	tim.exe	220
PID 2300 set thread context of 1248	2300	tim.exe	237
PID 924 set thread context of 2140	924	tim.exe	244
PID 2828 set thread context of 1272	2828	tim.exe	255
PID 3108 set thread context of 3132	3108	tim.exe	262
PID 3364 set thread context of 3388	3364	tim.exe	282
PID 3504 set thread context of 3524	3504	tim.exe	290
PID 3296 set thread context of 3592	3296	tim.exe	292
PID 3692 set thread context of 3716	3692	tim.exe	298
PID 3952 set thread context of 3976	3952	tim.exe	320
PID 1652 set thread context of 1992	1652	tim.exe	326
PID 3192 set thread context of 2308	3192	tim.exe	329
PID 4020 set thread context of 3364	4020	tim.exe	333
PID 3668 set thread context of 3708	3668	tim.exe	350
PID 3956 set thread context of 4008	3956	tim.exe	357
PID 3656 set thread context of 1652	3656	tim.exe	364
PID 3492 set thread context of 3504	3492	tim.exe	375
PID 3672 set thread context of 3740	3672	tim.exe	381
PID 4000 set thread context of 4044	4000	tim.exe	385
PID 1016 set thread context of 3708	1016	tim.exe	395
PID 3732 set thread context of 4008	3732	tim.exe	399
PID 3772 set thread context of 3304	3772	tim.exe	411
PID 3960 set thread context of 3376	3960	tim.exe	425
PID 1792 set thread context of 3772	1792	tim.exe	429
PID 1052 set thread context of 3712	1052	tim.exe	434
PID 1288 set thread context of 3992	1288	tim.exe	439
PID 4224 set thread context of 4256	4224	tim.exe	453
PID 4380 set thread context of 4404	4380	tim.exe	462
PID 4488 set thread context of 4508	4488	tim.exe	468
PID 4676 set thread context of 4700	4676	tim.exe	482
PID 4808 set thread context of 4832	4808	tim.exe	489
PID 4888 set thread context of 4932	4888	tim.exe	495
PID 5084 set thread context of 5108	5084	tim.exe	508
PID 4224 set thread context of 4172	4224	tim.exe	516
PID 4420 set thread context of 4440	4420	tim.exe	521
PID 4256 set thread context of 4660	4256	tim.exe	526
PID 4828 set thread context of 4808	4828	tim.exe	536
PID 5096 set thread context of 2024	5096	tim.exe	546
PID 4292 set thread context of 4388	4292	tim.exe	549
PID 4696 set thread context of 2436	4696	tim.exe	565
PID 4220 set thread context of 4280	4220	tim.exe	575
PID 4428 set thread context of 4496	4428	tim.exe	578

Drops file in Windows directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe
File opened for modification	C:\Windows\winar\tim.exe	tim.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 64 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tim.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.key\ = "regfile"	tim.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.key	tim.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
1708	tim.exe
3052	tim.exe
2400	tim.exe
2064	tim.exe
2216	tim.exe
1748	tim.exe
2500	tim.exe
1760	tim.exe
2892	tim.exe
2828	tim.exe
1704	tim.exe
760	tim.exe
2136	tim.exe
2552	tim.exe
1524	tim.exe
2896	tim.exe
2556	tim.exe
2804	tim.exe
332	tim.exe
2892	tim.exe
2044	tim.exe
2608	tim.exe
2300	tim.exe
924	tim.exe
2828	tim.exe
3108	tim.exe
3364	tim.exe
3504	tim.exe
3296	tim.exe
3692	tim.exe
3952	tim.exe
1652	tim.exe
3192	tim.exe
4020	tim.exe
3668	tim.exe
3956	tim.exe
3656	tim.exe
3492	tim.exe
3672	tim.exe
4000	tim.exe
1016	tim.exe
3732	tim.exe
3772	tim.exe
3960	tim.exe
1792	tim.exe
1052	tim.exe
1288	tim.exe
4224	tim.exe
4380	tim.exe
4488	tim.exe
4676	tim.exe
4808	tim.exe
4888	tim.exe
5084	tim.exe
4224	tim.exe
4420	tim.exe
4256	tim.exe
4828	tim.exe
5096	tim.exe
4292	tim.exe
4696	tim.exe
4220	tim.exe
4428	tim.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2908 wrote to memory of 2164	2908	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	30
PID 2164 wrote to memory of 1484	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	31
PID 2164 wrote to memory of 1484	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	31
PID 2164 wrote to memory of 1484	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	31
PID 2164 wrote to memory of 1484	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	31
PID 2164 wrote to memory of 1484	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	31
PID 2164 wrote to memory of 2856	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2856	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2856	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2856	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	32
PID 2164 wrote to memory of 2856	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	32
PID 2164 wrote to memory of 1932	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1932	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1932	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1932	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	33
PID 2164 wrote to memory of 1932	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	33
PID 2164 wrote to memory of 2952	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2952	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2952	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2952	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2952	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	34
PID 2164 wrote to memory of 2524	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2524	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2524	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2524	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	35
PID 2164 wrote to memory of 2524	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	35
PID 2164 wrote to memory of 3036	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	36
PID 2164 wrote to memory of 3036	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	36
PID 2164 wrote to memory of 3036	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	36
PID 2164 wrote to memory of 3036	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	36
PID 2164 wrote to memory of 3036	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	36
PID 2164 wrote to memory of 3048	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	37
PID 2164 wrote to memory of 3048	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	37
PID 2164 wrote to memory of 3048	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	37
PID 2164 wrote to memory of 3048	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	37
PID 2164 wrote to memory of 3048	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	37
PID 2164 wrote to memory of 2848	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	38
PID 2164 wrote to memory of 2848	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	38
PID 2164 wrote to memory of 2848	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	38
PID 2164 wrote to memory of 2848	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	38
PID 2164 wrote to memory of 2848	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	38
PID 2164 wrote to memory of 1488	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	39
PID 2164 wrote to memory of 1488	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	39
PID 2164 wrote to memory of 1488	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	39
PID 2164 wrote to memory of 1488	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	39
PID 2164 wrote to memory of 1708	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	40
PID 2164 wrote to memory of 1708	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	40
PID 2164 wrote to memory of 1708	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	40
PID 2164 wrote to memory of 1708	2164	af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe	40
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41
PID 1708 wrote to memory of 2692	1708	tim.exe	41

C:\Users\Admin\AppData\Local\Temp\af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908
- C:\Users\Admin\AppData\Local\Temp\af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
  C:\Users\Admin\AppData\Local\Temp\af87ef6f09efa683368bcee63e9c5cd2_JaffaCakes118.exe
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2164
- - C:\Windows\SysWOW64\svchost.exe
    svchost.exe
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1484
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2400
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1852
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2036
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2760
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1332
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2976
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2988
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1716
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:892
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1764
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2064
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2628
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1748
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2632
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1772
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2804
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Executes dropped EXE
        
        PID:760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2240
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2664
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:924
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3324
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3364
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        Executes dropped EXE
        
        PID:3388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3440
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3464
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2216
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2096
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1856
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2624
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2204
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1736
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:400
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1760
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3052
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1704
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2200
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2552
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:1992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:908
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2672
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1864
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:332
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2236
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1680
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2300
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1528
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2380
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3076
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3228
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3264
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3296
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3640
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3792
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3844
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3868
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3936
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4020
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        19⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:2056
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3424
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3924
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2500
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3064
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1752
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1984
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1276
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2492
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2516
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1740
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2548
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1328
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:2808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2032
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2964
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:476
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2136
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1092
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:2288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1480
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2556
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3020
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2640
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:2608
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Executes dropped EXE
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:1916
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2556
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3064
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:2828
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3108
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3356
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3648
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3692
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        Executes dropped EXE
        
        PID:3716
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3764
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3852
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4064
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1652
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        19⤵
        Drops file in Windows directory
        
        PID:1992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3148
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:1272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3540
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3676
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3928
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        20⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3956
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        21⤵
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4080
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4072
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:3384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:1788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        22⤵
        
        PID:4016
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        22⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3672
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        23⤵
        Drops file in Windows directory
        
        PID:3740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        24⤵
        
        PID:3144
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2828
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:2716
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:760
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:1852
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1908
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:556
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2152
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:840
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1348
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3060
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2620
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2280
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1524
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        
        PID:2028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2716
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:2896
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2796
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1780
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1376
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:592
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2092
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1948
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2752
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1180
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1980
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:2892
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:2828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:2840
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Suspicious use of SetWindowsHookEx
      PID:2044
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Executes dropped EXE
        
        PID:1396
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:292
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2504
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1724
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1728
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1616
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2408
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2660
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2052
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:2828
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Executes dropped EXE
        
        PID:1272
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1396
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3160
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3244
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3332
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3472
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:3504
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3576
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3784
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:3912
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3952
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Executes dropped EXE
        Drops file in Windows directory
        
        PID:3976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4036
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:1108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3536
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3568
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:3632
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3668
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:3412
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:3492
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:3504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3664
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:2392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3088
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:3344
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3732
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:4008
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4012
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3984
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3724
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:3524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1804
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1792
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        19⤵
        System Location Discovery: System Language Discovery
        
        PID:3772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3704
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3656
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:1652
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3280
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2260
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3404
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:3192
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:2308
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:2300
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4000
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4044
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3400
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3656
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:332
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1936
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1704
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3612
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4004
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3920
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:1052
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:3712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1776
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:1052
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4132
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4156
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4320
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4344
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4380
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        
        PID:4404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4448
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4516
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4644
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4676
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Drops file in Windows directory
        
        PID:4700
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4748
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4768
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4912
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5044
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:5084
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        
        PID:5108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4212
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4500
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4408
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4756
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4544
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4828
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        Drops file in Windows directory
        
        PID:4808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1368
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5060
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4732
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:1496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4968
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4932
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4696
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        System Location Discovery: System Language Discovery
        
        PID:2436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4856
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4888
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4828
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4864
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4460
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4276
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:1792
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        18⤵
        
        PID:5056
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        19⤵
        
        PID:4824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:3992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:4844
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:3772
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        
        PID:3304
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3132
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3504
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3732
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4024
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:1288
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:3992
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4120
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4148
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4176
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4200
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4312
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4336
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4488
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:4508
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4556
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4580
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4600
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4616
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4636
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4668
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4760
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4776
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4808
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Drops file in Windows directory
        
        PID:4832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4876
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4904
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5000
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5068
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4232
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3376
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:4224
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        
        PID:4172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4400
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:4888
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        
        PID:4932
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4980
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5008
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5036
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5076
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:3272
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4240
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4384
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4532
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4256
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4972
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4704
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5104
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4292
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        
        PID:4388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4108
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4456
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4924
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4920
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4836
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4428
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        
        PID:4496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:2024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4288
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4420
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4848
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5136
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5232
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Drops file in Windows directory
        
        PID:5252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5292
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5316
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5336
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5372
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5392
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5412
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5492
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        
        PID:5548
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        
        PID:5572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5620
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5728
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5804
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5832
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5920
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5972
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        Drops file in Windows directory
        
        PID:5164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5264
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:4824
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5428
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5508
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5612
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5604
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6032
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        18⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6088
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        19⤵
        
        PID:6084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        20⤵
        
        PID:5232
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Suspicious use of SetThreadContext
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4420
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4440
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4488
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Suspicious use of SetThreadContext
      Modifies registry class
      Suspicious use of SetWindowsHookEx
      PID:5096
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        
        PID:2024
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4268
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4528
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4624
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4588
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4656
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4440
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:4872
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5088
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:4220
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4224
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4660
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4360
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4808
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4852
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:5144
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        
        PID:5172
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5220
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5344
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5364
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5384
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5404
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5420
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:5444
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5628
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5652
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5736
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5760
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5788
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5812
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5840
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Modifies registry class
        
        PID:5872
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:5892
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5944
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5992
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6096
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5188
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5216
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:4684
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5400
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:5172
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        
        PID:5484
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        
        PID:5304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5544
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5936
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6016
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6044
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:4256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5248
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:5108
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        16⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5932
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        17⤵
        Drops file in Windows directory
        
        PID:5280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:6028
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        18⤵
        
        PID:5912
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Modifies registry class
      PID:5636
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:5672
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5720
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5744
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5772
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5796
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5824
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5864
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5984
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6008
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6104
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        System Location Discovery: System Language Discovery
        
        PID:6128
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4280
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5200
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:4100
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:3712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5452
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5476
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5592
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5668
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5768
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        
        PID:5884
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6112
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5196
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:4496
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5472
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5692
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6132
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        
        PID:5528
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Drops file in Windows directory
        
        PID:5900
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5584
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6124
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6104
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5548
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5484
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:5252
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:4388
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        12⤵
        Writes to the Master Boot Record (MBR)
        
        PID:532
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        13⤵
        Drops file in Windows directory
        
        PID:6524
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6560
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6580
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6600
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6616
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6636
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6680
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6752
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        14⤵
        
        PID:6836
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        14⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6860
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        15⤵
        System Location Discovery: System Language Discovery
        
        PID:6896
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6932
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        16⤵
        
        PID:6964
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      PID:6000
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:6024
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6072
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5180
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5144
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5288
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5324
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5436
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Modifies registry class
      PID:5712
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        
        PID:5860
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      Modifies registry class
      PID:5980
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        
        PID:5284
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5672
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6140
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5588
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5928
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5536
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5932
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6080
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1808
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        
        PID:5636
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        Drops file in Windows directory
        
        PID:5464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5820
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5712
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6120
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5284
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5880
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5568
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        System Location Discovery: System Language Discovery
        Modifies registry class
        
        PID:6088
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        
        PID:2696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1084
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:1816
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:5564
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6152
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6176
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6192
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6212
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6240
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        System Location Discovery: System Language Discovery
        
        PID:6260
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6304
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6444
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6488
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      PID:5960
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:5236
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5460
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:1152
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5904
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5952
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5964
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5468
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:5768
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6064
      - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        6⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:5956
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        7⤵
        
        PID:6048
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6040
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:5532
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6184
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6204
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        8⤵
        
        PID:6284
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        8⤵
        Writes to the Master Boot Record (MBR)
        Modifies registry class
        
        PID:6332
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        9⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:6352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6388
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6480
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6504
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6572
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6588
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6624
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        10⤵
        
        PID:6644
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        10⤵
        Writes to the Master Boot Record (MBR)
        System Location Discovery: System Language Discovery
        
        PID:6668
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        11⤵
        Drops file in Windows directory
        System Location Discovery: System Language Discovery
        
        PID:6696
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6740
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6800
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6872
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        12⤵
        
        PID:6948
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:6404
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:6420
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6472
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6496
  - - C:\Windows\winar\tim.exe
      "C:\Windows\winar\tim.exe"
      4⤵
      Writes to the Master Boot Record (MBR)
      System Location Discovery: System Language Discovery
      PID:6760
    - - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        5⤵
        Drops file in Windows directory
        
        PID:6776
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6820
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6888
      - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        6⤵
        
        PID:6956
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2856
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1932
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2952
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2524
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:3036
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:3048
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:2848
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe"
    3⤵
    PID:1488
- - C:\Windows\winar\tim.exe
    "C:\Windows\winar\tim.exe"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetThreadContext
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1708
  - - C:\Windows\winar\tim.exe
      C:\Windows\winar\tim.exe
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2692
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1944
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:2188
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:600
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1688
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:680
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1340
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:1596
    - - C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        5⤵
        
        PID:3016
    - - C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3052
      - C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        6⤵
        Executes dropped EXE
        
        PID:2136
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1860
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2720
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:644
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1608
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:3024
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:2980
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1436
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        7⤵
        
        PID:1492
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        7⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Suspicious use of SetWindowsHookEx
        
        PID:1016
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        8⤵
        Drops file in Windows directory
        
        PID:3708
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1796
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3956
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3512
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2744
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:1960
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3976
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:3780
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        9⤵
        
        PID:2440
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        9⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        System Location Discovery: System Language Discovery
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:3960
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        10⤵
        Drops file in Windows directory
        
        PID:3376
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2308
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2836
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3996
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:2004
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:3772
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4140
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4164
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        11⤵
        
        PID:4192
        
        C:\Windows\winar\tim.exe
        
        "C:\Windows\winar\tim.exe"
        11⤵
        Writes to the Master Boot Record (MBR)
        Suspicious use of SetThreadContext
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        
        PID:4224
        
        C:\Windows\winar\tim.exe
        
        C:\Windows\winar\tim.exe
        12⤵
        Drops file in Windows directory
        
        PID:4256
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:4296
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:4328
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:4352
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:4464
        
        C:\Program Files\Internet Explorer\iexplore.exe
        
        "C:\Program Files\Internet Explorer\iexplore.exe"
        13⤵
        
        PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\((Mutex)).cfg

Filesize
1KB

MD5
b84c6bacadd226389a422c878def902a

SHA1
c8475cfd4b0ff1199a6b02fb213f4fb11886cb07

SHA256
9755f94de1f241c5ac0b1fa9dee88ef18305563510a1d9adb00b3276fadade0d

SHA512
c6146e0ae39aa8f5e3add6d442632dd8e6a451b86ea37676da58f39cb2a46efde3a124f750a084fb1a80560451c42241eaaefb8e5db0564d78cfc6966eee0632

Download Submit
C:\Windows\winar\tim.exe

Filesize
210KB

MD5
af87ef6f09efa683368bcee63e9c5cd2

SHA1
3b917c4af81922ce075a0c2134e10316d52aa0b6

SHA256
ef7e693bfdbf4795e03e3ada6310982f06fb641c7e7807169cd0cdf245e761d8

SHA512
6b4f6c4c3b430d4629b5c4c4742574f620090a0bd0382d79d67d1e81fffa78fce3c5328c3160503bf0d1f7c6e8196ccaa8238b2b3a88b3f2e52fb1486913d0af

Download Submit
memory/332-270-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/760-194-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/924-317-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1016-119-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1484-367-0x00000000047E0000-0x000000000486B000-memory.dmp

Filesize
556KB

Download
memory/1484-232-0x00000000045A0000-0x000000000462B000-memory.dmp

Filesize
556KB

Download
memory/1484-41-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1484-98-0x0000000002850000-0x00000000028DB000-memory.dmp

Filesize
556KB

Download
memory/1484-39-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/1484-388-0x00000000047E0000-0x000000000486B000-memory.dmp

Filesize
556KB

Download
memory/1484-466-0x0000000004980000-0x0000000004A0B000-memory.dmp

Filesize
556KB

Download
memory/1484-127-0x0000000002850000-0x00000000028DB000-memory.dmp

Filesize
556KB

Download
memory/1484-400-0x0000000004960000-0x00000000049EB000-memory.dmp

Filesize
556KB

Download
memory/1484-313-0x00000000047D0000-0x000000000485B000-memory.dmp

Filesize
556KB

Download
memory/1524-227-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1652-394-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1652-389-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1704-181-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1704-173-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1708-56-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1708-48-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1748-118-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/1760-141-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2044-287-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2064-92-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2136-202-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2164-46-0x0000000003200000-0x000000000328B000-memory.dmp

Filesize
556KB

Download
memory/2164-27-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2164-30-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2164-45-0x0000000003200000-0x000000000328B000-memory.dmp

Filesize
556KB

Download
memory/2164-32-0x0000000000C80000-0x0000000000C96000-memory.dmp

Filesize
88KB

Download
memory/2216-106-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2300-307-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2400-79-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2400-72-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2500-131-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2552-215-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2552-209-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2556-244-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2556-252-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2608-298-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2804-261-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2804-178-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2804-148-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2828-162-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2828-167-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2828-326-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2892-278-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2892-275-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2892-157-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2896-239-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2908-10-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2908-5-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2908-13-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2908-14-0x00000000002C0000-0x00000000002C1000-memory.dmp

Filesize
4KB

Download
memory/2908-15-0x0000000001F00000-0x0000000001F01000-memory.dmp

Filesize
4KB

Download
memory/2908-16-0x00000000002F0000-0x00000000002F1000-memory.dmp

Filesize
4KB

Download
memory/2908-17-0x00000000002E0000-0x00000000002E1000-memory.dmp

Filesize
4KB

Download
memory/2908-18-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2908-19-0x00000000003A0000-0x00000000003A1000-memory.dmp

Filesize
4KB

Download
memory/2908-20-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2908-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2908-21-0x0000000001F50000-0x0000000001F51000-memory.dmp

Filesize
4KB

Download
memory/2908-22-0x0000000001F70000-0x0000000001F71000-memory.dmp

Filesize
4KB

Download
memory/2908-23-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2908-24-0x0000000000390000-0x0000000000391000-memory.dmp

Filesize
4KB

Download
memory/2908-28-0x0000000002AA0000-0x0000000002B2B000-memory.dmp

Filesize
556KB

Download
memory/2908-31-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2908-25-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2908-26-0x0000000001F60000-0x0000000001F61000-memory.dmp

Filesize
4KB

Download
memory/2908-8-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2908-9-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2908-7-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2908-6-0x0000000001F40000-0x0000000001F41000-memory.dmp

Filesize
4KB

Download
memory/2908-4-0x0000000001F30000-0x0000000001F31000-memory.dmp

Filesize
4KB

Download
memory/2908-12-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/2908-2-0x00000000005C0000-0x00000000005C2000-memory.dmp

Filesize
8KB

Download
memory/2908-11-0x00000000002D0000-0x00000000002E0000-memory.dmp

Filesize
64KB

Download
memory/3052-59-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3052-67-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3108-334-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3108-329-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3192-407-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3296-364-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3364-346-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3364-339-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3492-447-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3492-454-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3504-355-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3656-395-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3656-442-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3668-423-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3672-463-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3692-368-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3692-373-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3952-383-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3956-435-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/3956-428-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4000-473-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4020-416-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/4020-387-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads